Why expire?

David Shaw dshaw@jabberwocky.com
Tue Jul 29 06:04:01 2003

Hash: SHA1

On Mon, Jul 28, 2003 at 08:47:19PM -0700, J Irving wrote:
>                                         2003.07.28 @ 20:44 PDT
> heya
> This is a question aimed at researching opinion - it does *not*
> imply that I think key expiration is a bad idea.  I'm relatively
> neutral, tending to the conservative.
> Why expire keypairs?  They can, afterall, be revoked.
> One reason I immediately come up with is that the longer they
> exist, the more likely they are to be compromised.  Are there
> other reasons?

Expiration in OpenPGP keys is unfortunately not able to handle that
case.  The expiration date on a compromised key can be changed by the
attacker, thus "unexpiring" it.  This is an intentional feature, but
the benefit of being able to extend expiration dates comes with the
disadvantage of an attacker being able to do the same thing.

A good reason to put an expiration date on a key is that people
sometimes forget their passphrase or lose the secret key.  With an
expiration date, there is a drop-dead date after which the key is not
going to be used.

Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc