Set date for signature to expire
Jan Niehusmann
jan at gondor.com
Tue Jun 14 14:58:32 CEST 2005
On Wed, Jun 08, 2005 at 02:09:59AM +0200, Per Tunedal Casual wrote:
> True, but it might be convenient anyhow. The shorter the time, the safer
> the guess!
>
> One way is to assume that the key is attacked immediately and that all the
> security is in the passphrase. Make an estimation of the strength of the
> passphrase and you are done!

But then, the safe guess would be that the attack did start immediately
when the key was generated, not when the signature was added. So,
following your logic, you should never sign a key older than your
estimated passphrase-guessing-time.

I guess one should leave that decision to the key owner. The signature
only tells one thing: This key belongs to person XYZ. And nothing about
key security.

Signature expiration dates are useful when "person XYZ" is not (only) a
natural person, but some kind of role account (e.g. "CEO of Company
ABC"), where that role is not a permanent one, but may change in future.

Currently, I can't imagine other sensible uses for signature expiration
(but I'm not claiming there aren't - it's only my limited imagination).

Yours,
Jan