Extending the key expiration date
David Shaw
dshaw@jabberwocky.com
Wed Sep 5 20:30:01 2001
On Wed, Sep 05, 2001 at 08:18:53PM +0200, Florian Weimer wrote:
> Subba Rao <subba9@home.com> writes:
> > > > Is it possible to edit the expiration date of the current key?
> > >
> > > Yes, it's even possible without invalidating certificates. This is a
> > > known design flaw in OpenPGP.
> > >
> > > I hope some day GnuPG will implement a workaround (e.g. limiting the
> > > validity period of certificates to that of the certified key).
>
> > Why is it a flaw?
>
> If an attacker obtains your secret key, he can arbitrarily increase
> the lifetime of the key, thus increasing its value.
Sure, but you can revoke the key, which trumps the attacker :)
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson