Key lifetime

Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
15 Jun 2000 13:50:53 +0200

"L. Sassaman" <> writes:

> > > > Does this mean an expired key can still be used for computing trust?
> > >
> > > Yes. Read RFC 2440 if you're really interested.
> >
> > Do you have a quote? I'm quite sure this issue is *not* covered by
> > RFC 2440.

> So the question really comes down to, "are expired keys valid?" And that
> *is* covered by the RFC.
No, it isn't. The concept of key validty is beyond the scope of the RFC. For example, an implementation of RFC 2440 is free to consider all keys valid whose primary user ID happens to start with the letter 'A'. (I would be very glad if someone proved me wrong, it would make life easier for us. ;-) -- Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE University of Stuttgart RUS-CERT +49-711-685-5973/fax +49-711-685-5898