
Re: [Debconf-discuss] Last call for keys for keysigning in New York City, USA during DebConf10



On 20.07.2010 16:33, John Goerzen wrote:
On 07/20/2010 06:37 AM, Michael Fladerer wrote:
Hi Lars,

On Mon Jul 19, 2010 at 23:47:42 -0700, Lars Wirzenius wrote:
(I also hope that I've now verified that my new key is fine, except for
lacking an expiration date. But I hope I can fix that without generating
a new key.)

yes, that's pretty simple:

I'd want to state here that I don't consider a key without an expiration
date to be broken as such.  (Nor do I consider a key *with* an
expiration date to be broken.)

I don't really buy the argument that an expiration date improves
security, and think that it may hurt it in some ways.

I totally agree. Key expiration dates have nothing to do with security.
An expired key without a published revocation certificate is not
really "expired" (e.g. it can be rendered unexpired again very
easily by whoever controls the private key).

So I think the expiration field risks confusing the user.

IMHO the only way to have time-restricted keys is to set up an
internal Debian keyring policy, removing old keys [5-10 years]
(thus making them invalid for new stuff, but not for verifying the
integrity of old packages).

ciao
	cate
