[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Need new key signed (live in NYC)

On Tue, Dec 11, 2001 at 09:52:23AM +0000, Andrew Suffield wrote:
> On Mon, Dec 10, 2001 at 07:11:27PM -0600, Steve Langasek wrote:
> > On Mon, Dec 10, 2001 at 02:56:31PM -0800, martin f krafft wrote:
> > > uhm, why not just change the expiration date? from what i understand,
> > > the expiration is only applicable to a public key, the private key can
> > > be changed in terms of expiration... or am i wrong?

> > > actually, your signing key can be changed in terms of expiration, your
> > > encrypting key will expire, but that one is independent of
> > > signatures...

> > In short: he tried that, and it didn't stick when he uploaded it to the
> > keyservers.  <shrug>

> Which is presumably because the key he self-signed with had
> expired. Allowing an expired key to have its expiry date pushed
> forward so that it is no longer expired would seem to defeat the point
> of having an expiry date to me...

Counter-intuitive, but programmatically equivalent.  Suppose I set my
system clock back before the original expiration date of my key, I sign
it with a different expiration date farther in the future, and I
distribute the key with the new signature.  How can a recipient tell
that I didn't /really/ re-sign the key on the date I claim I did?

You can never second-guess the data in the self-signature.  There simply
isn't an objective reference point to compare it against.

Steve Langasek
postmodern programmer

Attachment: pgpOAACwV0DoY.pgp
Description: PGP signature

Reply to: