Key lifetime

L. Sassaman
Mon, 12 Jun 2000 15:06:41 -0700 (PDT)

On Mon, 12 Jun 2000, Stefan H. Holek wrote:

> On Thu, 8 Jun 2000, L. Sassaman wrote:
> > On Thu, 8 Jun 2000, Stefan H. Holek wrote:
> >
> > > On Thu, 8 Jun 2000, L. Sassaman wrote:
> > >
> > > > The longer the lifetime of a key, the more likely the key is to be
> > > > compromised. If you choose to retire a key, be sure to link your new key
> > > > with the old by signing it with the old before the old key expires.
> > >
> > > Does this mean an expired key can still be used for computing trust?
> >
> > Yes. Read RFC 2440 if you're really interested.
> This is gnupg-USERS, isn't it?

Sure. Which is why I wasn't about to get into the fine details... most people wouldn't be interested, and the RFC answers all the questions you might have in depth.

> Any user-level documentation on this?

None that I know of. There is the GNU Privacy Handbook, which is kind of spotty. I'm covering GnuPG in my upcoming email security book, but that's not going to be available until next year.

> I obviously was missing that part
> and consider it valuable information, but knowing the packet formats does
> not help much. I am not planning to do an implementation in the near
> future.

Heh, I wasn't suggesting you pay attention to the packet formats... I didn't mean to come across in the way that I apparently did. Sorry...

__

L. Sassaman

System Administrator   |  "If you choose not to decide,
Technology Consultant  |   you still have made a choice"
icq.. 10735603         |
pgp.. finger://        |             --Rush