Re: New key = New package?

To: debian-mentors@lists.debian.org
Subject: Re: New key = New package?
From: Richard Braakman <dark@xs4all.nl>
Date: Fri, 18 Aug 2000 17:37:34 +0200
Message-id: <[🔎] 20000818173734.A12772@xs4all.nl>
In-reply-to: <[🔎] 20000818163626.A26365@sa-pc.cs.kau.se>; from stefan@alfredsson.org on Fri, Aug 18, 2000 at 04:36:26PM +0200
References: <[🔎] 20000811235612.A2940@cyberus.ca> <[🔎] 20000818163626.A26365@sa-pc.cs.kau.se>

On Fri, Aug 18, 2000 at 04:36:26PM +0200, Stefan Alfredsson wrote:
> IIRC what happens is that a special signature is added to 
> your key which informs of the new expiredate,
> and since this packet is signed by you its effectively as
> if you'd choosen another expireday to begin with.

If that really works, expiry is useless.  The whole point of expiring
keys is to reduce the risk of them being compromised during their lifetime
(by shortening the lifetime).

If anyone who has the key can extend its expiry time, then what is the
point?  You might as well not expire it in the first place.

Richard Braakman

Reply to:

Follow-Ups:
- Re: New key = New package?
  - From: Bolan Meek <Bolan.Meek@wcom.com>

References:
- New key = New package?
  - From: "Warren A. Layton" <zeevon@cyberus.ca>
- Re: New key = New package?
  - From: Stefan Alfredsson <stefan@alfredsson.org>

Prev by Date: Re: New key = New package?
Next by Date: Re: Turning around a symlink
Previous by thread: Re: New key = New package?
Next by thread: Re: New key = New package?
Index(es):
- Date
- Thread