Extending the key expiration date

[Florian Weimer]

"Janusz A. Urbanowicz" <alex@bofh.torun.pl> writes:

> If a personal key is not compromised after expiry period, it should
> be perfectly legal to reset the expiry date for a next period. This
> saves a lot of hassle with key distribution, establishing trust etc.

But this approach is completely broken from a security point of view.
Key expiration is usually used to impose a hard limit on the lifetime
of a key.  As a result, the key is not as valuable as one with an
unlimited lifetime.

I don't see how your approach differs from not setting a key
expiration time at all.

-- 
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898