Extending the key expiration date
JanuszA.Urbanowicz
JanuszA.Urbanowicz
Thu Sep 6 16:04:02 2001
Florian Weimer wrote/napisał[a]/schrieb:
> Subba Rao <subba9@home.com> writes:
> > > > Is it possible to edit the expiration date of the current key?
> > >
> > > Yes, it's even possible without invalidating certificates. This is a
> > > known design flaw in OpenPGP.
> > >
> > > I hope some day GnuPG will implement a workaround (e.g. limiting the
> > > validity period of certificates to that of the certified key).
>
> > Why is it a flaw?
>
> If an attacker obtains your secret key, he can arbitrarily increase
> the lifetime of the key, thus increasing its value.
It is no more flaw that the one lately announced about not-signing date,
originator and recipients of the message.
By definition if an attacker have your secret key, he can do anything. You
may call it a flaw in whole pulic key cryptography concept.
Alex
--
Janusz A. Urbanowicz | ALEX3-RIPE | SF-Framling | Thawte Web Of Trust Notary
Gdy daję biednym chleb, nazywają mnie świętym. Gdy pytam,
dlaczego biedni nie mają chleba, nazywają mnie komunistą. - abp. Helder Camara