Extending the key expiration date

[Werner Koch]

On Thu, 06 Sep 2001 23:20:56 +0200, Florian Weimer said:

> Not quite, CRLs are signed by the CA, and you can be sure that you
> have the most recent one, and that it contains all relevant
> revocations.

But only those the CA knows about - so this is not different to keyservers.

The whole discussion on this topic is based on different assumptions,
you are more thinking in terms of a hierarchical CAs, whereas most PGP
users assume a decentralized network.

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus