signing keys with expiration

Atom 'Smasher' atom at suspicious.org
Wed May 19 08:52:26 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

when signing a key with an expiration date, a user is asked:
	Do you want your signature to expire at the same time? (Y/n)

why is the default "yes"?

i use an expiration on my keys as a sort of self-revocation... should the
keys become neglected or abandoned, or if i lose the secret key, the keys
will revoke themselves. if nothing bad happens to me or my secret keys, i
plan to update the expiration on the keys indefinitely.

my concern is that a user who signs my keys might just go with the
default, which could cause me to have a bunch of expired signatures on my
key.

of course it may be desirable, in some circumstances, to expire a
certification signature at the same time as the key expires, but i think
the default should be set to "no".


        ...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

	"I disapprove of what you say, but I will defend
	 to the death your right to say it."
		-- widely attributed to Voltaire, but written by
		Evelyn Beatrice Hall under the pseudonym
		S[tephen] G. Tallentyre.
		The Friends of Voltaire, 1906
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish?  -  http://atom.smasher.org/links/#digital_signatures

iEYEARECAAYFAkCrBC8ACgkQnCgLvz19QeNwXgCeJEdqAPmtHmDhEq1fzroXO1xp
41YAnAwwsLD8/JHBPXggFTMHdR7zeasG
=Li2Q
-----END PGP SIGNATURE-----
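
The situation described in the message above (a key whose expiration is extended while third-party certifications were set to expire with the old date) can be audited from a key listing. This is an added example, not part of the original post and not GnuPG code: the function name and the sample listing are constructed, and it assumes the colon-delimited layout documented in GnuPG's doc/DETAILS (as printed by `gpg --with-colons --fixed-list-mode --list-sigs`), with epoch-second timestamps, signature expiration in field 7 and signature class in field 11.

```python
# Constructed sample listing (not real keyring output): the key owner has
# extended the key's expiration; Signer One's certification kept the old date.
SAMPLE = """\
pub:u:1024:17:AAAAAAAAAAAAAAAA:1084000000:1147000000::u:::scESC:
uid:u::::1084000000::0000000000000000000000000000000000000000::Example User <user@example.org>:
sig:::17:AAAAAAAAAAAAAAAA:1084000000:1147000000:::Example User <user@example.org>:13x:
sig:::17:BBBBBBBBBBBBBBBB:1084950000:1115500000:::Signer One <one@example.org>:10x:
sig:::17:CCCCCCCCCCCCCCCC:1084960000::::Signer Two <two@example.org>:10x:
"""

CERT_CLASSES = {"10", "11", "12", "13"}  # OpenPGP certification signature types


def lapsing_certs(colon_text, now):
    """Return (signer_keyid, signer_uid, status) for third-party certifications
    that carry their own expiration and have lapsed, or will lapse before the
    key's current expiration. `now` is an epoch timestamp."""
    findings = []
    key_id = key_exp = None
    for line in colon_text.splitlines():
        f = line.split(":")
        if len(f) < 11:
            continue
        if f[0] == "pub":
            key_id = f[4]
            key_exp = int(f[6]) if f[6] else None  # empty: key never expires
        elif f[0] == "sig" and key_id is not None:
            if f[4] == key_id:            # self-signature, updated by the owner
                continue
            if f[10][:2] not in CERT_CLASSES or not f[6]:
                continue                  # not a certification, or no expiration
            sig_exp = int(f[6])
            if sig_exp <= now:
                findings.append((f[4], f[9], "expired"))
            elif key_exp is None or sig_exp < key_exp:
                findings.append((f[4], f[9], "expires-before-key"))
    return findings


if __name__ == "__main__":
    for signer, uid, status in lapsing_certs(SAMPLE, now=1120000000):
        print(f"{status:20} {signer} {uid}")
```
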



More information about the Gnupg-devel mailing list