Why expire?

David Shaw dshaw@jabberwocky.com
Tue Jul 29 06:04:01 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Jul 28, 2003 at 08:47:19PM -0700, J Irving wrote:
>                                         2003.07.28 @ 20:44 PDT
> heya
> 
> This is a question aimed at researching opinion - it does *not*
> imply that I think key expiration is a bad idea.  I'm relatively
> neutral, tending to the conservative.
> 
> Why expire keypairs?  They can, after all, be revoked.
> 
> One reason I immediately come up with is that the longer they
> exist, the more likely they are to be compromised.  Are there
> other reasons?

Expiration in OpenPGP keys is unfortunately not able to handle that
case.  The expiration date on a compromised key can be changed by the
attacker, thus "unexpiring" it.  This is an intentional feature, but
the benefit of being able to extend expiration dates comes with the
disadvantage of an attacker being able to do the same thing.

A good reason to put an expiration date on a key is that people
sometimes forget their passphrase or lose the secret key.  With an
expiration date, there is a drop-dead date after which the key is not
going to be used.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iEYEARECAAYFAj8l8mYACgkQ4mZch0nhy8kEnQCgvXfcImIzvLt0W25oCC+g4NBh
vX8AoNZu8YnLH7dyGrd1eCv9VD66syL8
=RCQ9
-----END PGP SIGNATURE-----
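The mechanism behind David's point, as an added example that is not part of the original mail: in OpenPGP the key expiration is not a fixed property of the key packet but a Key Expiration Time subpacket (RFC 4880 type 9, seconds after key creation) inside the hashed area of a self-signature, and RFC 4880 5.2.3.3 recommends that the most recent self-signature takes priority. Whoever holds the secret key can therefore issue a newer self-signature with a later expiry, and the key "unexpires"; a key whose secret half is lost cannot, which is exactly the case expiration does handle. The Python below is mine, not from the mail or GnuPG; the signature packet bodies are constructed for illustration with real v4 subpacket layout but a placeholder hash prefix and MPI, and nothing is cryptographically verified.

```python
"""Where an OpenPGP key's expiration lives, and why the holder of the
secret key (legitimate or not) can move it.

Added example. The v4 signature packet bodies built here follow the
RFC 4880 5.2.3 layout for the subpacket areas; the 16-bit hash prefix and
the signature MPI are placeholders and are never verified.
"""
import struct
from typing import Optional

# RFC 4880 5.2.3.1 subpacket types used here
SUBPKT_SIG_CREATION_TIME = 2   # 4-octet time the self-signature was made
SUBPKT_KEY_EXPIRATION = 9      # 4-octet seconds after *key* creation
SUBPKT_ISSUER = 16             # 8-octet key ID of the signing key

SIG_POSITIVE_CERT = 0x13       # positive certification of a user ID (self-sig)
PK_ALGO_DSA = 17
HASH_SHA1 = 2


def encode_subpacket(sp_type: int, body: bytes) -> bytes:
    """Encode one signature subpacket; the length counts type octet + body."""
    length = len(body) + 1
    if length < 192:
        hdr = bytes([length])
    elif length < 16320:
        length -= 192
        hdr = bytes([(length >> 8) + 192, length & 0xFF])
    else:
        hdr = b"\xff" + struct.pack(">I", length)
    return hdr + bytes([sp_type]) + body


def build_selfsig(sig_created: int, key_expiry_secs: Optional[int], issuer: bytes) -> bytes:
    """Constructed v4 signature packet body (no packet header).
    Only the subpackets that decide key expiration are real; the hash
    prefix and the single 8-bit MPI are placeholders, not a signature."""
    hashed = encode_subpacket(SUBPKT_SIG_CREATION_TIME, struct.pack(">I", sig_created))
    if key_expiry_secs is not None:
        hashed += encode_subpacket(SUBPKT_KEY_EXPIRATION, struct.pack(">I", key_expiry_secs))
    unhashed = encode_subpacket(SUBPKT_ISSUER, issuer)
    body = bytes([4, SIG_POSITIVE_CERT, PK_ALGO_DSA, HASH_SHA1])
    body += struct.pack(">H", len(hashed)) + hashed
    body += struct.pack(">H", len(unhashed)) + unhashed
    body += b"\x00\x00"                        # left 16 bits of hash (placeholder)
    body += struct.pack(">H", 8) + b"\xa5"     # placeholder MPI (placeholder)
    return body


def parse_subpackets(data: bytes) -> dict:
    """Walk a subpacket area and return {type: body}, critical bit stripped."""
    out = {}
    i = 0
    while i < len(data):
        first = data[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length = ((first - 192) << 8) + data[i + 1] + 192
            i += 2
        else:
            length = struct.unpack(">I", data[i + 1:i + 5])[0]
            i += 5
        sp_type = data[i] & 0x7F
        out[sp_type] = data[i + 1:i + length]
        i += length
    return out


def parse_selfsig(body: bytes) -> dict:
    """Pull creation time and key-expiration from a v4 signature body."""
    if body[0] != 4:
        raise ValueError("only v4 signatures handled")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed = parse_subpackets(body[6:6 + hashed_len])
    pos = 6 + hashed_len
    unhashed_len = struct.unpack(">H", body[pos:pos + 2])[0]
    unhashed = parse_subpackets(body[pos + 2:pos + 2 + unhashed_len])
    exp = hashed.get(SUBPKT_KEY_EXPIRATION)
    return {
        "sig_type": body[1],
        "sig_created": struct.unpack(">I", hashed[SUBPKT_SIG_CREATION_TIME])[0],
        "key_expiry_secs": struct.unpack(">I", exp)[0] if exp else None,
        "issuer": unhashed.get(SUBPKT_ISSUER),
    }


def effective_expiry(key_created: int, selfsig_bodies: list) -> Optional[int]:
    """Absolute expiry (Unix time), or None for never.
    RFC 4880 5.2.3.3: priority goes to the most recent self-signature, so a
    newer self-sig silently replaces the old expiry; nothing pins the first one."""
    newest = max((parse_selfsig(b) for b in selfsig_bodies), key=lambda s: s["sig_created"])
    if newest["key_expiry_secs"] is None:
        return None
    return key_created + newest["key_expiry_secs"]


def is_expired(key_created: int, selfsig_bodies: list, now: int) -> bool:
    exp = effective_expiry(key_created, selfsig_bodies)
    return exp is not None and now >= exp


# Constructed scenario: key made 2003-01-01 UTC with a one-year expiry.
KEY_CREATED = 1041379200
ISSUER = bytes.fromhex("e2665c8749e1cbc9")      # constructed key ID
ORIGINAL_SELFSIG = build_selfsig(KEY_CREATED, 365 * 86400, ISSUER)
# Whoever holds the secret key re-certifies on 2004-02-01 with a ten-year expiry.
EXTENDED_SELFSIG = build_selfsig(1075593600, 10 * 365 * 86400, ISSUER)

if __name__ == "__main__":
    now = 1086048000                              # 2004-06-01 UTC
    print("lost-key case, expired:", is_expired(KEY_CREATED, [ORIGINAL_SELFSIG], now))
    print("re-signed case, expired:", is_expired(KEY_CREATED, [ORIGINAL_SELFSIG, EXTENDED_SELFSIG], now))
```

Run with a real keyring the same lesson shows up as a second self-signature on the user ID after `gpg --quick-set-expire`; the old one is not removed, it is simply outranked by the newer creation time.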