Validity period of GPG-keys
Dennis Lambe Jr.
Tue May 27 20:01:01 2003
On Tue, 2003-05-27 at 04:17, Jan Dirnberger wrote:
> I'm working on a school project, including Public Key Infrastructure (PKI)=
> We are instructed to get out how long the validity period of a GPG-key
> should be set in a company or other organisations the info-material we co=
> is for in.
> First I wanted to advise an unrestricted validity, but then I remembered t=
> organisations or enterprises might have often changing members. So I'm c=
> between the devil and the deep blue sea what to advise...
Is it possible for a key signer to revoke its signature on a key? This
seems like a natural thing to want to do, but I've never seen it
I think it might solve this question as well. You designate a key,
owned by the organization, to be a CA for the organization. It is used
to sign every member's key, and when a member leaves an organization,
the CA's signature is revoked on that key, indicating that it is no
If everyone syncs to the same keyserver, this appears to me to be a
workable way to achieve Jan's goals. Is this possible, and if not, is
there a security reason why not, or has it just not been implemented?