Set date for signature to expire
Per Tunedal Casual
pt at radvis.nu
Wed Jun 8 02:09:59 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
At 15:40 2005-06-07, you wrote:
>On Mon, 6 Jun 2005 12:20:33 -0400, Anonymous said:
>> #2. A statement that you trust that the UID accurately reflects the
>> true ownership of the key.
>I just wonder how to decide how long this ownership is valid. A year,
>a month, a day, a minute or even already void in the past? The owner
>usually can't and you can't for sure give any reasonable estimation.
True, but it might be convenient anyhow. The shorter the time, the safer
One way is to assume that the key is attacked immediately and that all the
security is in the passphrase. Make an estimation of the strength of the
passphrase and you are done!
Issuers of X509 certificates use 1 year for soft certificates and 5 years
for card certificates. I don't know their calculations behind that decision.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32) - GPGrelay v0.959
Comment: Vad är en PGP-signatur? www.clipanish.com/PGP/pgp.html
-----END PGP SIGNATURE-----
More information about the Gnupg-users