Extending the key expiration date

Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
Thu Sep 6 16:50:02 2001


"Janusz A. Urbanowicz" <alex@bofh.torun.pl> writes:


> If a personal key is not compromised after expiry period, it should
> be perfectly legal to reset the expiry date for a next period. This
> saves a lot of hassle with key distribution, establishing trust etc.
But this approach is completely broken from a security point of view. Key expiration is usually used to impose a hard limit on the lifetime of a key. As a result, the key is not as valuable as one with an unlimited lifetime. I don't see how your approach differs from not setting a key expiration time at all. -- Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898