Key lifetime
Florian Weimer
Florian.Weimer@RUS.Uni-Stuttgart.DE
13 Jun 2000 10:50:08 +0200
"L. Sassaman" <rabbi@quickie.net> writes:
> > > The longer the lifetime of a key, the more likely the key is to be
> > > compromised. If you chose to retire a key, be sure to link your new key
> > > with the old by signing it with the old before the old key expires.
> >
> > Does this mean an expired key can still be used for computing trust?
>
> Yes. Read RFC 2440 if you're really interested.
Do you have a quote? I'm quite sure this issue is *not* covered by
RFC 2440.
--
Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
http://ca.uni-stuttgart.de:11371/pks/lookup?op=get&search=0xC06EC3B5