On Tue, 2003-05-27 at 04:17, Jan Dirnberger wrote:
> I'm working on a school project, including Public Key Infrastructure (PKI)=
> We are instructed to get out how long the validity period of a GPG-key
> should be set in a company or other organisations the info-material we co=
> is for in.
> First I wanted to advise an unrestricted validity, but then I remembered t=
> organisations or enterprises might have often changing members. So I'm c=
> between the devil and the deep blue sea what to advise...

Is it possible for a key signer to revoke its signature on a key?  This
seems like a natural thing to want to do, but I've never seen it

I think it might solve this question as well.  You designate a key,
owned by the organization, to be a CA for the organization.  It is used
to sign every member's key, and when a member leaves an organization,
the CA's signature is revoked on that key, indicating that it is no
longer valid.

If everyone syncs to the same keyserver, this appears to me to be a
workable way to achieve Jan's goals.  Is this possible, and if not, is
there a security reason why not, or has it just not been implemented?

--Dennis Lambe
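
The scheme described in this message, modeled as an added example (not part of the original message and not GnuPG's own code): OpenPGP defines a certification revocation signature (type 0x30), and the sketch shows that a relying party only sees the CA's revocation after syncing with the keyserver. The `Sig` record, key IDs and timestamps are constructed, and every signature is assumed to be cryptographically verified already.

```python
from dataclasses import dataclass

CERT_TYPES = {0x10, 0x11, 0x12, 0x13}  # OpenPGP user ID certification types
CERT_REVOCATION = 0x30                  # OpenPGP certification revocation type

@dataclass(frozen=True)
class Sig:
    issuer: str    # key ID of the signing key (constructed values below)
    sig_type: int
    created: int   # creation time, seconds since the epoch

def ca_vouches(sigs, ca_id):
    """Return True if the CA's newest signature on the user ID is a certification.

    Assumption: every Sig has already been verified cryptographically.
    Signatures by other issuers are ignored, so only the CA can undo its own
    certification. On equal timestamps the revocation wins.
    """
    own = [s for s in sigs if s.issuer == ca_id
           and (s.sig_type in CERT_TYPES or s.sig_type == CERT_REVOCATION)]
    if not own:
        return False
    newest = max(own, key=lambda s: (s.created, s.sig_type == CERT_REVOCATION))
    return newest.sig_type in CERT_TYPES

def refresh(local_sigs, keyserver_sigs):
    """Merge the keyserver's copy into a local copy, as a keyserver sync would."""
    return set(local_sigs) | set(keyserver_sigs)

# Constructed sample data: hypothetical key IDs and timestamps.
CA, OUTSIDER = "CA0000000000AAAA", "EEEE000000001111"
certified = Sig(CA, 0x10, 1_050_000_000)                # member joins
revoked = Sig(CA, CERT_REVOCATION, 1_054_000_000)       # member leaves
third_party = Sig(OUTSIDER, CERT_REVOCATION, 1_052_000_000)

stale_local = {certified}                  # relying party has not synced yet
keyserver = {certified, revoked, third_party}

if __name__ == "__main__":
    print("before sync:", ca_vouches(stale_local, CA))
    print("after sync: ", ca_vouches(refresh(stale_local, keyserver), CA))
    print("third-party revocation only:", ca_vouches({certified, third_party}, CA))
```
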

