Extending the key expiration date

David Shaw dshaw@jabberwocky.com
Wed Sep 5 20:51:02 2001


On Wed, Sep 05, 2001 at 08:08:39PM +0200, Florian Weimer wrote:

> David Shaw <dshaw@jabberwocky.com> writes:
>
> > On Wed, Sep 05, 2001 at 08:39:35AM +0200, Florian Weimer wrote:
> > > Subba Rao <subba9@home.com> writes:
> > >
> > > > Is it possible to edit the expiration date of the current key?
> > >
> > > Yes, it's even possible without invalidating certificates. This is a
> > > known design flaw in OpenPGP.
> >
> > I wouldn't call it a flaw. I'd call that a feature :) Having to
> > revoke the self-signature and put a new one in place will lead to huge
> > trails of self-signatures followed by certificate revocations followed
> > by more self-signatures every time the user changed their preferences.
>
> Eh, sorry, I don't see the relevance of this in the light of key
> expiration times.

Ah, I just twigged to the confusion. I was discussing self-signatures
because the key expiration time is contained in the self-signature.
Changing the expiration time of the key involves changing the
self-signature.

My point was that it is a Good Thing that OpenPGP allows self-signature
replacement in-place, rather than forcing a revocation and new
signature. Otherwise, every time you change the key expiration time (or
any key preferences, actually), the key will gain a revocation and
signature. After a while, that makes for a really huge key.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
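
Added example, not part of the original message and not GnuPG code: a small reader for the OpenPGP signature subpacket area (RFC 4880, section 5.2.3) showing that the key expiration time is carried in the self-signature, and that a newer self-signature changes the effective expiry without any revocation. It assumes the common rule of preferring the most recent self-signature; the function names are hypothetical, the timestamps and subpacket bytes are constructed sample data, and no signature is cryptographically verified.

```python
SIG_CREATION_TIME = 2    # subpacket type: 4-octet signature creation time
KEY_EXPIRATION_TIME = 9  # subpacket type: 4-octet seconds after key creation


def parse_subpackets(area: bytes) -> dict:
    """Parse a signature subpacket area into {type: body}."""
    out, i = {}, 0
    while i < len(area):
        first = area[i]
        if first < 192:        # one-octet length
            length, i = first, i + 1
        elif first < 255:      # two-octet length
            low = int.from_bytes(area[i + 1:i + 2], "big")
            length, i = ((first - 192) << 8) + low + 192, i + 2
        else:                  # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        out[area[i] & 0x7F] = area[i + 1:i + length]  # mask off the critical bit
        i += length
    return out


def effective_key_expiry(key_created: int, selfsig_areas: list):
    """Expiry (Unix time) set by the newest self-signature, or None if none."""
    newest_time, newest = -1, {}
    for area in selfsig_areas:
        sp = parse_subpackets(area)
        made = int.from_bytes(sp.get(SIG_CREATION_TIME, b""), "big")
        if SIG_CREATION_TIME in sp and made > newest_time:
            newest_time, newest = made, sp
    offset = int.from_bytes(newest.get(KEY_EXPIRATION_TIME, b""), "big")
    return key_created + offset if offset else None  # absent or zero: no expiry


def subpacket(sp_type: int, body: bytes) -> bytes:
    """Hypothetical helper: build a sample subpacket (body under 191 octets)."""
    return bytes([len(body) + 1, sp_type]) + body


# Constructed sample data: one key, its original self-signature, and a later
# replacement self-signature that extends the expiry from one year to two.
DAY = 86400
KEY_CREATED = 1_000_000_000
ORIGINAL = (subpacket(2, KEY_CREATED.to_bytes(4, "big"))
            + subpacket(9, (365 * DAY).to_bytes(4, "big")))
EXTENDED = (subpacket(2, (KEY_CREATED + 300 * DAY).to_bytes(4, "big"))
            + subpacket(9, (730 * DAY).to_bytes(4, "big")))

if __name__ == "__main__":
    print(effective_key_expiry(KEY_CREATED, [ORIGINAL]))
    print(effective_key_expiry(KEY_CREATED, [ORIGINAL, EXTENDED]))
```

Because the expiry is only as trustworthy as the self-signature carrying it, a real consumer verifies each self-signature against the primary key before applying this selection.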