Extending the key expiration date
Florian Weimer
Florian.Weimer@RUS.Uni-Stuttgart.DE
Thu Sep 6 16:50:02 2001
"Janusz A. Urbanowicz" <alex@bofh.torun.pl> writes:
> If a personal key is not compromised after expiry period, it should
> be perfectly legal to reset the expiry date for a next period. This
> saves a lot of hassle with key distribution, establishing trust etc.
But this approach is completely broken from a security point of view.
Key expiration is usually used to impose a hard limit on the lifetime
of a key. As a result, the key is not as valuable as one with an
unlimited lifetime.
I don't see how your approach differs from not setting a key
expiration time at all.
--
Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898