1996-01-07 - Re: Revoking Old Lost Keys

Header Data

From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
To: Adam Shostack <cypherpunks@toad.com>
Message Hash: 57d3a7bb28b1c4797273a93d6b4e5839e89776a4b12a03412da07833da1458f8
Message ID: <199601072144.QAA06839@UNiX.asb.com>
Reply To: N/A
UTC Datetime: 1996-01-07 21:54:51 UTC
Raw Date: Mon, 8 Jan 1996 05:54:51 +0800

Raw message

From: "Deranged Mutant" <WlkngOwl@UNiX.asb.com>
Date: Mon, 8 Jan 1996 05:54:51 +0800
To: Adam Shostack <cypherpunks@toad.com>
Subject: Re: Revoking Old Lost Keys
Message-ID: <199601072144.QAA06839@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


Adam Shostack <adam@lighthouse.homeport.org> wrote:

I wrote:

> | PGP should give a warning when the key passes the expiration date. It
> | should not prevent you from using it, but should remind you that the
> | key is rather old, and that the owner may have moved, etc.
[..]

> 	Expire should mean expire, i.e., no longer valid, useful or
> usable.  If you want to have a 'deprecated after' and an expire
> date, that might be useful, but it seems more like feeping creaturitis
> to me.  It adds bulk to every key, when a better solution would be to
> have keys automatically deprecated some time before they are due to
> expire.

The reason I think a warning option is good (really, a 1-bit flag 
for warn rather than kill... that's "bulk" to every key?) is so that 
if for whatever reason the key is used (say I am unable to get a 
newer key for you but really need to send you a private message) I 
have something to use... and you, if you choose to hold onto old 
keys, can decrypt it.  If not, the sender was warned.


> 	Also, the ability to extend the life of a key is fraught with
> danger.  The longer a key is around, the more likely it is to become
> compromised.  The user might not be aware that the key is compromised.
> Better to have an unchangeable date.  (On a more technical level,
> allowing users to change the expiry date on a key means that the key's
> expiry date is not signed by the signatories, and an opponent who
> compromised a key could simply change the expiry date on that key and
> send it to the servers, so that it would continue to be used, and your
> opponent could continue to read all your communications.)
> 
> Adam
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume
> 
> 
> 
--- "Mutant" Rob <wlkngowl@unix.asb.com>

Send a blank message with the subject "send pgp-key"
(not in quotes) for a copy of my PGP key.
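The two design points argued in this exchange, modelled as an added example that is not part of the thread or of PGP: a "deprecated before expiry" window, Rob's warn-rather-than-kill flag on expired keys, and Adam's point that an expiry date only resists editing if the signatories' certifications cover it. Key ids, timestamps and the signatory secret are constructed values, and an HMAC stands in for the certification signature so the script runs without a public-key library.

```python
# Added example (not from the thread): a toy model of key expiry handling and
# of whether a certification covers the expiry date. Not PGP's actual format.
import hashlib
import hmac
import json

SECONDS_PER_DAY = 86400

# Constructed sample key (epoch seconds, one-year lifetime).
EXAMPLE_KEY = {
    "key_id": "constructed-key-01",                # placeholder, not a real key id
    "created": 820000000,                          # roughly Dec 1995
    "expires": 820000000 + 365 * SECONDS_PER_DAY,  # 851536000
    "warn_flag": False,                            # the proposed "warn rather than kill" bit
}

# Constructed secret standing in for a signatory's signing key; HMAC plays
# the role of the certification signature in this toy model.
SIGNATORY_SECRET = b"constructed-signatory-secret"


def key_material(key, cover_expiry):
    """Canonical bytes a signatory certifies; the expiry is included only
    when cover_expiry is True (Adam's 'unchangeable date' design)."""
    fields = {"key_id": key["key_id"], "created": key["created"]}
    if cover_expiry:
        fields["expires"] = key["expires"]
    return json.dumps(fields, sort_keys=True).encode()


def certify(key, signatory_secret, cover_expiry=True):
    """Stand-in for a signatory's certification over the key material."""
    return hmac.new(signatory_secret, key_material(key, cover_expiry),
                    hashlib.sha256).hexdigest()


def verify_cert(key, cert, signatory_secret, cover_expiry=True):
    """True if the certification still matches the key as presented."""
    return hmac.compare_digest(cert, certify(key, signatory_secret, cover_expiry))


def key_status(key, now, warn_days=30):
    """Classify a key at time `now` (epoch seconds).

    'deprecated' is the automatic warning window before expiry that Adam
    suggests; warn_flag decides whether an expired key is merely warned
    about (Rob's proposal) or refused outright."""
    if now >= key["expires"]:
        return "expired-warn" if key["warn_flag"] else "expired-reject"
    if now >= key["expires"] - warn_days * SECONDS_PER_DAY:
        return "deprecated"
    return "valid"


def extend_expiry(key, extra_days):
    """The same key with a later expiry date, as it would look if the date
    were editable after certification."""
    return dict(key, expires=key["expires"] + extra_days * SECONDS_PER_DAY)


def tamper_detected(cover_expiry):
    """True if editing the expiry date invalidates the original certification.
    With cover_expiry=False the edit passes verification unnoticed, which is
    exactly the weakness Adam describes."""
    cert = certify(EXAMPLE_KEY, SIGNATORY_SECRET, cover_expiry)
    edited = extend_expiry(EXAMPLE_KEY, 10 * 365)
    return not verify_cert(edited, cert, SIGNATORY_SECRET, cover_expiry)


if __name__ == "__main__":
    for t in (830000000, 850000000, 852000000):
        print(t, key_status(EXAMPLE_KEY, t))
    print("expiry covered by certification -> edit detected:", tamper_detected(True))
    print("expiry outside certification    -> edit detected:", tamper_detected(False))
```

Run it directly and the three timestamps fall into the valid, deprecated and expired states in turn; flipping `warn_flag` turns the last one into a warning instead of a refusal. The `tamper_detected` pair is the heart of Adam's argument: only when the signed material includes the expiry does a changed date break the signatories' certifications.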
