Re: New key = New package?
Richard Braakman wrote:
>
> On Fri, Aug 18, 2000 at 04:36:26PM +0200, Stefan Alfredsson wrote:
> > IIRC what happens is that a special signature is added to
> > your key which informs of the new expiredate,
> > and since this packet is signed by you its effectively as
> > if you'd choosen another expireday to begin with.
>
> If that really works, expiry is useless.
> The whole point of expiring keys is to reduce the risk of
> them being compromised during their lifetime
> (by shortening the lifetime).
> If anyone who has the key can extend its expiry time, then what is the
> point? You might as well not expire it in the first place.
Except that only the holder of the key -the knower of the passphrase-
is able to change that expiry, and then sign with it. If one
is confident that the key has not been compromised, one ought
be able to keep the key effective. Freedom includes the freedom
to change one's mind.
But I don't use expiry: if I desire my keys to expire, I'll
revoke them. Hmmm... Could I then 'unrevoke' them later? I
think not: that should be the choice of the keyserver... (?)
--
I'm on the list.
Bolan.Meek@wcom.com 972-729-5387
bolan@koyote.com (home ph. on Q) http://www.koyote.com/users/bolan
RE: xmailtool http://www.koyote.com/users/bolan/xmailtool/index.html
RMS of Borg: "Resistance is futile; you shall be freed."
Reply to: