1996-01-07 - Re: Revoking Old Lost Keys

Header Data

From: Adam Shostack <adam@lighthouse.homeport.org>
To: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Message Hash: 6a2ee6c6f211b5b5d38b6da2e2b7e37f28054679aa1e4440fd0fd13b7d3346b4
Message ID: <199601071814.NAA04825@homeport.org>
Reply To: <199601070714.CAA02909@UNiX.asb.com>
UTC Datetime: 1996-01-07 18:36:11 UTC
Raw Date: Mon, 8 Jan 1996 02:36:11 +0800

Raw message

From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Mon, 8 Jan 1996 02:36:11 +0800
To: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Subject: Re: Revoking Old Lost Keys
In-Reply-To: <199601070714.CAA02909@UNiX.asb.com>
Message-ID: <199601071814.NAA04825@homeport.org>
MIME-Version: 1.0
Content-Type: text


Mutatis Mutantdis wrote:

| PGP should give a warning when the key passes the expiration date. It
| should not prevent you from using it, but should remind you that the
| key is rather old, and that the owner may have moved, etc.
| 
| Users who want to extend the life of their keys should send special
| certificates (at least once a year or every other year?) that tell
| keyservers and those with copies of their public keys that the key is
| still being used, and to update the expiration time.

	Expire should mean expire, i.e., no longer valid, useful or
useable.  If you want to have a 'depreciated after' and an expire
date, that might be useful, but it seems more like feeping creaturitis
to me.  It adds bulk to every key, when a better solution would be to
have keys automatically deprecitated some time before they are due to
expire.

	Also, the ability to extend the life of a key is fraught with
danger.  The longer a key is around, the more likely it is to become
comprimised.  The user might not be aware that the key is comprimised.
Better to have an unchangeable date.  (On a more technical level,
allowing users to change the expiry date on a key means that the key's
expiry date is not signed by the signatories, and an opponent who
comprimised a key could simply change the expiry date on that key and
send it to the servers, so that it would continue to be used, and your
opponent could continue to read all your communications.)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






Thread