1996-01-07 - Re: Revoking Old Lost Keys

Header Data

From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
To: CPunks <cypherpunks@toad.com>
Message Hash: 4cb1e2cc8631e1ce702b549d7cff6ff4091940ce089837806b14f79d2e337da4
Message ID: <199601070714.CAA02909@UNiX.asb.com>
Reply To: N/A
UTC Datetime: 1996-01-07 07:22:47 UTC
Raw Date: Sun, 7 Jan 1996 15:22:47 +0800

Raw message

From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Sun, 7 Jan 1996 15:22:47 +0800
To: CPunks <cypherpunks@toad.com>
Subject: Re: Revoking Old Lost Keys
Message-ID: <199601070714.CAA02909@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 05 Jan 1996 23:07:19 -0800, Bruce Baugh <bruceab@teleport.com>
wrote:

>I'd like to bring up a problem I haven't seen addressed much yet, and which
>I think is going to come up with increasing frequency as PGP use spreads.

>The problem is this: how can one spread the word that an old key is no
>longer to be used when one no longer has the pass phrase, and cannot
>therefore create a revocation certificate?

[..]

Keys should have built-in expiration dates (adjustable by the user
manually the way one would change their user-id, passphrase, etc.)

PGP should give a warning when the key passes the expiration date. It
should not prevent you from using it, but should remind you that the
key is rather old, and that the owner may have moved, etc.

Users who want to extend the life of their keys should send special
certificates (at least once a year or every other year?) that tell
keyservers and those with copies of their public keys that the key is
still being used, and to update the expiration time.

Comments?

--Rob
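
A sketch of the scheme proposed in the message above, added here as an example; it is not part of the original post and not PGP's own code. The toy RSA parameters (a stand-in for a real PGP signature), the certificate layout and the names `sign_renewal`, `apply_renewal` and `check_for_use` are assumptions. It shows that a key whose passphrase is lost simply lapses into the warning state, because nobody can sign a renewal for it.

```python
import hashlib
from dataclasses import dataclass

# Toy textbook RSA key pair (assumption: stand-in for a PGP signature;
# unpadded and far too small to be secure, used only to model the flow).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: gone if the passphrase is lost

def digest(key_id, new_expiry, n=N):
    msg = f"renew:{key_id}:{new_expiry}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign_renewal(key_id, new_expiry, d=D, n=N):
    """Owner side: only possible while the private key is still usable."""
    return (key_id, new_expiry, pow(digest(key_id, new_expiry, n), d, n))

@dataclass
class KeyRecord:
    key_id: str
    n: int
    e: int
    expires: int  # Unix time after which users are warned

def apply_renewal(rec, cert):
    """Keyserver/keyring side: the renewal must verify against the key itself
    and may only move the expiry forward (an old certificate cannot roll it back)."""
    key_id, new_expiry, sig = cert
    if key_id != rec.key_id:
        return "rejected: wrong key"
    if pow(sig, rec.e, rec.n) != digest(key_id, new_expiry, rec.n):
        return "rejected: bad signature"
    if new_expiry <= rec.expires:
        return "ignored: stale certificate"
    rec.expires = new_expiry
    return "accepted"

def check_for_use(rec, now):
    """Warn but never block, as the post suggests. Returns a warning or None."""
    if now > rec.expires:
        days = (now - rec.expires) // 86400
        return f"warning: key {rec.key_id} expired {days} days ago; owner may no longer use it"
    return None
```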






