Ignoring expiration dates
fweimer at bfk.de
Wed Jan 2 15:39:56 CET 2008
* Werner Koch:
> On Wed, 2 Jan 2008 13:53, fweimer at bfk.de said:
>> Oh well, this is a bit counterintuitive because the expiration time is
>> a hard fact in X.509, and rather fuzzy in OpenPG.
> I don't agree that it is fuzzy in OpenPGP; it is well defined.
For v3 keys, it is, but not for v4 keys. Implementations are free to
take the minimum or maximum of the expiration date over all available
self-signatures. After all, OpenPGP is just a format spec, and
doesn't say much about semantics.
Actually, this is a very old discussion. I've come to accept that
it's okay to choose the maximum, but I still don't buy that's the only
>> Would you accept a patch, even if it's a kludge? (Expiration doesn't
> Sure. Make it also --debug-ignore-expiration and for gpg2 (backporting
> it then is easy).
Okay. I guess I need some form for my employer. Would you send it to
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the Gnupg-users