[moderm@gmx.net: expire date on keys]
Werner Koch
wk@gnupg.org
Fri, 2 Jul 1999 11:07:32 +0200
> ----- Forwarded message from Mario Moder <moderm@gmx.net> -----
> key to a keyserver or to some persons and the key will expire on the
> specified date, what will happen? Do I have to generate a new key
An expired key is not trusted anymore; that is, it will not be used
to validate a key in the web of trust.
If you try to use such a key, you will get a note that the key has
expired.
> pair? Can I use the same (Mario Moder <moderm@gmx.net>) User ID then
Yes - you will get a new keyid if you generate a new key.
> (I don't want to change my email-address)? Or can I simply set a new
> expire date and then send my (old) key (with the new date) to a
This is a new feature of OpenPGP and IMHO not very well thought out. It is
okay that the expire date is no longer directly on the key but on a
signature, so that it is indeed possible to change the expire date -
but it should be on a direct key signature. The RFC does not tell
very much about expire dates.
For CAs the expire date is a must.
Not using an expire date is okay - you always have the chance to issue
a revocation certificate. The advantage of the expire date is that it
is bound to the public key and therefore instantly available.
--
Werner Koch at guug.de www.openIT.de keyid 621CC013
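
Added example, not part of the original message and not GnuPG's code: a sketch of how a V4 key's expiry is derived from the key expiration subpacket (type 9) in a self-signature's hashed area, which is why re-issuing the self-signature changes the date while the key and keyid stay the same. It assumes the newest self-signature wins and that the signatures were already verified; the function names and sample bytes are constructed for illustration.

```python
import struct

SIG_CREATION_TIME = 2    # subpacket type: when the signature was made
KEY_EXPIRATION_TIME = 9  # subpacket type: seconds after key creation; 0 = never

def parse_subpackets(area: bytes) -> dict:
    """Parse a hashed subpacket area into {type: body}."""
    out, i = {}, 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, hdr = first, 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, hdr = ((first - 192) << 8) + area[i + 1] + 192, 2
        else:                                # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, hdr = struct.unpack(">I", area[i + 1:i + 5])[0], 5
        i += hdr
        if length < 1 or i + length > len(area):
            raise ValueError("malformed subpacket")
        out[area[i] & 0x7F] = area[i + 1:i + length]   # mask the critical bit
        i += length
    return out

def key_expiry(key_created: int, self_sig_areas: list):
    """Expiry as Unix time per the newest self-signature, or None if none is set."""
    newest = None
    for area in self_sig_areas:
        sp = parse_subpackets(area)
        if SIG_CREATION_TIME in sp:
            made = struct.unpack(">I", sp[SIG_CREATION_TIME])[0]
            if newest is None or made > newest[0]:   # assumption: newest wins
                newest = (made, sp)
    if newest is None:
        return None
    body = newest[1].get(KEY_EXPIRATION_TIME)
    delta = struct.unpack(">I", body)[0] if body else 0
    return key_created + delta if delta else None

def subpacket(kind: int, value: int) -> bytes:
    return bytes([5, kind]) + struct.pack(">I", value)   # length 5 = type + 4 octets

# Constructed sample data: one key, two self-signatures made at different times.
KEY_CREATED = 915148800                                      # 1999-01-01 00:00:00 UTC
SIG_OLD = subpacket(2, 915148800) + subpacket(9, 365 * 86400)     # one year
SIG_NEW = subpacket(2, 930000000) + subpacket(0x89, 730 * 86400)  # re-issued, critical bit set
```
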