Extending the key expiration date
Thu Sep 6 16:50:02 2001
"Janusz A. Urbanowicz" <firstname.lastname@example.org> writes:
> If a personal key is not compromised after expiry period, it should
> be perfectly legal to reset the expiry date for a next period. This
> saves a lot of hassle with key distribution, establishing trust etc.
But this approach is completely broken from a security point of view.
Key expiration is usually used to impose a hard limit on the lifetime
of a key. As a result, the key is not as valuable as one with an
I don't see how your approach differs from not setting a key
expiration time at all.
Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898