Ignoring expiration dates

Florian Weimer fweimer at bfk.de
Wed Jan 2 15:39:56 CET 2008


* Werner Koch:

> On Wed,  2 Jan 2008 13:53, fweimer at bfk.de said:
>
>> Oh well, this is a bit counterintuitive because the expiration time is
>> a hard fact in X.509, and rather fuzzy in OpenPGP.
>
> I don't agree that it is fuzzy in OpenPGP; it is well defined.

For v3 keys, it is, but not for v4 keys.  Implementations are free to
take the minimum or maximum of the expiration date over all available
self-signatures.  After all, OpenPGP is just a format spec, and
doesn't say much about semantics.

Actually, this is a very old discussion.  I've come to accept that
it's okay to choose the maximum, but I still don't buy that's the only
choice.  8-)

>> Would you accept a patch, even if it's a kludge?  (Expiration doesn't
>
> Sure.  Make it also --debug-ignore-expiration and for gpg2 (backporting
> it then is easy).

Okay.  I guess I need some form for my employer.  Would you send it to
me, please?

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99
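
Added example, not part of the original message and not GnuPG code: how the choice of rule over a v4 key's self-signatures changes the expiration verdict. The sample key, its self-signatures and the "latest" policy (use the newest self-signature) are constructed assumptions; the message itself names only minimum and maximum.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
YEAR = 365 * 24 * 3600  # seconds

# Constructed sample: one v4 primary key with three self-signatures.
KEY_CREATED = datetime(2005, 1, 1, tzinfo=UTC)
# (self-signature creation time, Key Expiration Time subpacket value).
# The subpacket counts seconds after key creation; None = subpacket absent,
# which means the key does not expire according to that signature.
SELF_SIGS = [
    (datetime(2005, 1, 1, tzinfo=UTC), 1 * YEAR),
    (datetime(2005, 12, 1, tzinfo=UTC), 4 * YEAR),
    (datetime(2006, 6, 1, tzinfo=UTC), 2 * YEAR),
]


def expiry(created, seconds):
    """Absolute expiration date for one self-signature, or None for 'never'."""
    return None if seconds is None else created + timedelta(seconds=seconds)


def effective_expiry(created, self_sigs, policy):
    """Resolve several self-signatures to one expiration date under a policy."""
    dates = [expiry(created, secs) for _, secs in self_sigs]
    if policy == "max":
        # One signature without expiration makes the maximum 'never'.
        return None if None in dates else max(dates)
    if policy == "min":
        finite = [d for d in dates if d is not None]
        return min(finite) if finite else None
    if policy == "latest":  # hypothetical third policy, not from the message
        _, secs = max(self_sigs, key=lambda sig: sig[0])
        return expiry(created, secs)
    raise ValueError(f"unknown policy: {policy}")


def verdicts(now, created=KEY_CREATED, self_sigs=SELF_SIGS):
    """Map each policy to True if the key counts as expired at 'now'."""
    out = {}
    for policy in ("min", "max", "latest"):
        exp = effective_expiry(created, self_sigs, policy)
        out[policy] = exp is not None and now >= exp
    return out


if __name__ == "__main__":
    for policy, expired in verdicts(datetime(2008, 1, 2, tzinfo=UTC)).items():
        print(f"{policy:6} -> {'expired' if expired else 'valid'}")
```

The same key material is accepted or rejected depending only on the rule chosen, so two implementations can disagree about one key without either misreading the format.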


