Extending the key expiration date
David Shaw
dshaw@jabberwocky.com
Wed Sep 5 20:51:02 2001
On Wed, Sep 05, 2001 at 08:08:39PM +0200, Florian Weimer wrote:
> David Shaw <dshaw@jabberwocky.com> writes:
>
> > On Wed, Sep 05, 2001 at 08:39:35AM +0200, Florian Weimer wrote:
> > > Subba Rao <subba9@home.com> writes:
> > >
> > > > Is it possible to edit the expiration date of the current key?
> > >
> > > Yes, it's even possible without invalidating certificates. This is a
> > > known design flaw in OpenPGP.
> >
> > I wouldn't call it a flaw. I'd call that a feature :) Having to
> > revoke the self-signature and put a new one in place will lead to huge
> > trails of self-signatures followed by certificate revocations followed
> > by more self-signatures every time the user changed their preferences.
>
> Eh, sorry, I don't see the relevance of this in the light of key
> expiration times.
Ah, I just twigged to the confusion. I was discussing self-signatures
because the key expiration time is contained in the self-signature.
Changing the expiration time of the key involves changing the
self-signature.
My point was that it is a Good Thing that OpenPGP allows
self-signature replacement in-place, rather than forcing a revocation
and new signature. Otherwise, every time you change the key
expiration time (or any key preferences, actually), the key will gain
a revocation and signature. After a while, that makes for a really
huge key.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson