Key lifetime
L. Sassaman
rabbi@quickie.net
Thu, 15 Jun 2000 11:39:29 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 15 Jun 2000, Florian Weimer wrote:
> No, it isn't. The concept of key validity is beyond the scope of the
> RFC. For example, an implementation of RFC 2440 is free to consider
> all keys valid whose primary user ID happens to start with the letter
> 'A'. (I would be very glad if someone proved me wrong, it would make
> life easier for us. ;-)
In RFC2440bis2, look at "5.2.3.23. Reason for Revocation",
"5.2.3.13. Trust signature", "5.2.1. Signature Types", etc. RFC 2440bis2
is fuzzy in its handling of key validity, but it is definitely there.
And you are correct... there are no MUSTs covering key validity, so an
implementation is free to handle it as it pleases. But there are
definitely hints as to how validity should be done.
This is also probably out of the scope of this list. We can take this off
the list, or over to the OpenPGP mailing list, if you like.
__
L. Sassaman
System Administrator | "If you chose not to decide,
Technology Consultant | you still have made a choice"
icq.. 10735603 |
pgp.. finger://ns.quickie.net/rabbi | --Rush
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
iD8DBQE5SSLoPYrxsgmsCmoRAuPqAJ93GldcYO82284/t1zQMVnFhqpWQQCfRNW6
tP4Gx+PThO4o6dymOEo5Zu8=
=521J
-----END PGP SIGNATURE-----