[moderm@gmx.net: expire date on keys]

Werner Koch wk@gnupg.org
Fri, 2 Jul 1999 11:07:32 +0200

> ----- Forwarded message from Mario Moder <moderm@gmx.net> -----

> key to a keyserver or to some persons and the key will expire on the
> specified date, what will happen? Do I have to generate a new key
An expired key is not trusted anymore; that it will not be used to validate a key in the wen of trust. If you try to use such a key, you will get a note that the key has expired.
> pair? Can I use the same (Mario Moder <moderm@gmx.net>) User ID then
Yes - you will get a new keyid if you generate a new key.
> (I don't want to change my email-address)? Or can I simply set a new
> expire date and then sent my (old) key (with the new date) to a
This is a new feature of OpenPGP and IMHO not very well thought. It is okay, that the expire date is not anymore on the key direct but on a signature, so that it is indeed possible to change the expire date - but is should be on a direct key signature. The RFC does not tell very much about expire dates. For CAs the expire date is a must. Not using an expire date is okay - you have always the chance to issue a revocation certificate. The advantage of the expire date is that it is bound to the public key and therefore instantly available. -- Werner Koch at guug.de www.openIT.de keyid 621CC013