signing keys with expiration
atom at suspicious.org
Wed May 19 08:52:26 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
when signing a key with an expiration date, a user is asked:
Do you want your signature to expire at the same time? (Y/n)
why is the default "yes"?
i use an expiration on my keys as a sort of self-revocation... should the
keys become neglected or abandoned, or if i lose the secret key, the keys
will revoke themselves. if nothing bad happens to me or my secret keys, i
plan to update the expiration on the keys indefinitely.
my concern is that a user who signs my keys might just go with the
default, which could cause me to have a bunch of expired signatures on my
of course it may be desirable, in some circumstances, to expire a
certification signature at the same time as the key expires, but i think
the default should be set to "no".
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
"I disapprove of what you say, but I will defend
to the death your right to say it."
-- widely attributed to Voltaire, but written by
Evelyn Beatrice Hall under the pseudonym
S[tephen] G. Tallentyre.
The Friends of Voltaire, 1906
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures
-----END PGP SIGNATURE-----
More information about the Gnupg-devel