Extending the key expiration date

JanuszA.Urbanowicz JanuszA.Urbanowicz
Thu Sep 6 16:04:02 2001


Florian Weimer wrote/napisał[a]/schrieb:

> Subba Rao <subba9@home.com> writes:
> > > > Is it possible to edit the expiration date of the current key?
> > >
> > > Yes, it's even possible without invalidating certificates. This is a
> > > known design flaw in OpenPGP.
> > >
> > > I hope some day GnuPG will implement a workaround (e.g. limiting the
> > > validity period of certificates to that of the certified key).
>
> > Why is it a flaw?
>
> If an attacker obtains your secret key, he can arbitrarily increase
> the lifetime of the key, thus increasing its value.
It is no more flaw that the one lately announced about not-signing date, originator and recipients of the message. By definition if an attacker have your secret key, he can do anything. You may call it a flaw in whole pulic key cryptography concept. Alex -- Janusz A. Urbanowicz | ALEX3-RIPE | SF-Framling | Thawte Web Of Trust Notary Gdy daję biednym chleb, nazywają mnie świętym. Gdy pytam, dlaczego biedni nie mają chleba, nazywają mnie komunistą. - abp. Helder Camara