AW: Robot CA at

David Shaw
Sun Dec 8 21:32:02 2002

On Sun, Dec 08, 2002 at 01:36:08PM -0600, Kyle Hasselbacher wrote:

> On Sun, Dec 08, 2002 at 07:04:04AM -0500, David Shaw wrote:
> >On Sat, Dec 07, 2002 at 04:53:36PM -0600, Kyle Hasselbacher wrote:
> >> I may be off my rocker, but I've been thinking "3 months" for expiration.
> >> I wonder if I'm crazy since every other suggestion I hear is longer.  Does
> >> anyone have evidence beyond the personal anecdotal about the lifetime of
> >> the average email address?
> >
> >Well, it almost doesn't matter.  This detail isn't really so much a
> >matter of security as a matter of sanity.  Remember that every time
> >you sign a key, you add a new signature packet - and the old one stays
> >around as well.  If you are signing (and then re-signing) a key every
> >3 months, pretty soon the key will be huge and covered in your
> >signatures.
> 
> Tangent:  why don't OpenPGP implementations discard expired data?  I can
> understand holding a revoked key so you don't reimport it as unrevoked, but
> stuff that's expired is just useless, useless, useless.  Or am I missing
> something?  Are we worried that my clock is wrong?

We're worried about everything. ;)  A good number of possible attacks
and operational issues simply disappear if the policy is to retain all


   David Shaw
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
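As an added example (not from this thread, and not GnuPG code), a small Python script that shows the packet-level situation David describes and the clock dependence Kyle asks about: it constructs a dummy keyblock of four unsigned v4 signature packets on one key, issued 90 days apart with 90-day lifetimes, then classifies each as live or expired using nothing but the caller's clock. The timing subpacket types (2 and 3) and length encodings follow RFC 4880; the packets, timestamps and the constant T0 are constructed and carry no real signature data.

```python
import struct

SIG_PACKET, SIG_CREATION, SIG_EXPIRATION = 2, 2, 3  # packet tag 2; hashed subpacket types 2 and 3 (RFC 4880)
DAY, T0 = 86400, 1039300000                          # T0: constructed timestamp in December 2002

def make_sig_packet(created, lifetime):
    """Constructed, unsigned v4 signature packet (new-format header) carrying only timing subpackets."""
    subs = bytes([5, SIG_CREATION]) + struct.pack(">I", created)         # subpacket length counts its type octet
    if lifetime:
        subs += bytes([5, SIG_EXPIRATION]) + struct.pack(">I", lifetime)
    body = bytes([4, 0x10, 1, 8]) + struct.pack(">H", len(subs)) + subs  # v4, generic certification, RSA, SHA-256
    body += struct.pack(">H", 0) + b"\x00\x00" + b"\x00\x00"             # no unhashed subpackets, hash prefix, empty MPI
    return bytes([0xC0 | SIG_PACKET, len(body)]) + body

def _length(data, i, two_octet_max=224):
    """Decode a new-format packet (or subpacket) length at data[i]; returns (length, index after it)."""
    if data[i] < 192:           return data[i], i + 1
    if data[i] < two_octet_max: return ((data[i] - 192) << 8) + data[i + 1] + 192, i + 2
    if data[i] == 255:          return struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
    raise ValueError("partial body lengths not supported")

def _packets(data):
    i = 0
    while i < len(data):
        tag, (ln, i) = data[i] & 0x3F, _length(data, i + 1)   # new-format headers assumed; yields (tag, body)
        yield tag, data[i:i + ln]
        i += ln

def _subpackets(data):
    i = 0
    while i < len(data):
        ln, i = _length(data, i, two_octet_max=255)   # subpackets have no partial-length form
        yield data[i] & 0x7F, data[i + 1:i + ln]       # strip the critical bit from the type octet
        i += ln

def classify(keyblock, now):
    """Count (live, expired) signature packets as judged by the caller's clock 'now'."""
    live = expired = 0
    for tag, body in _packets(keyblock):
        if tag != SIG_PACKET or body[0] != 4: continue   # only v4 signatures carry subpackets
        created = lifetime = None
        for stype, val in _subpackets(body[6:6 + struct.unpack(">H", body[4:6])[0]]):
            if stype == SIG_CREATION:     created = struct.unpack(">I", val)[0]
            elif stype == SIG_EXPIRATION: lifetime = struct.unpack(">I", val)[0]
        if lifetime and created + lifetime <= now: expired += 1
        else: live += 1
    return live, expired

# Constructed keyblock: one key re-signed every 90 days, each signature valid for 90 days.
KEYBLOCK = b"".join(make_sig_packet(T0 + k * 90 * DAY, 90 * DAY) for k in range(4))
```

All four packets stay in the block whatever the clock says; only the live/expired split changes, so a skewed clock (now before T0) reports nothing expired at all. For a real exported key this is only a starting point, since it assumes new-format headers and ignores v3 signatures.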