From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Mon, 8 Jan 1996 06:11:37 +0800
To: WlkngOwl@unix.asb.com (Deranged Mutant)
Subject: Re: Revoking Old Lost Keys
In-Reply-To: <199601072144.QAA06839@UNiX.asb.com>
Message-ID: <199601072153.QAA11487@homeport.org>
MIME-Version: 1.0
Content-Type: text


I was thinking of two dates, an expire and a warn.  Admittedly, adding
a few bytes to a key is not a big deal, but neither is the gain from a
warn and expire date.  If you want to be able to set a bit for 'use
after expire,' I would see that as a reasonable thing.

Adam

Deranged Mutant wrote:

| Adam Shostack <adam@lighthouse.homeport.org> wrote:
| 
| DM wrote:
| 
| > | PGP should give a warning when the key passes the expiration date. It
| > | should not prevent you from using it, but should remind you that the
| > | key is rather old, and that the owner may have moved, etc.
| [..]
| > 	Expire should mean expire, i.e., no longer valid, useful or
| > useable.  If you want to have a 'depreciated after' and an expire
| > date, that might be useful, but it seems more like feeping creaturitis
| > to me.  It adds bulk to every key, when a better solution would be to
| > have keys automatically deprecitated some time before they are due to
| > expire.
| 
| The reason I think a warning option is good (really, 1 bit bit flag 
| for warn rather than kill... that's "bulk" to every key?) is so that 
| if for whatever reason the key is used (say I am unable to get a 
| newer key for you but really need to send you a private message) I 
| have something to use... and you, if you choose to hold onto old 
| keys, can decrypt it.  If not, the sender was warned.



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume