> > Isn't this a self-signature?
>
> Oh, in this case it's a self-signature.

Werner, the problem (aka feature) is that expiry according to self-signatures isn't carried forward into third-party certification signatures -- so if an attacker gets hold of the (not-so-)private key, the attacker can just extend the key lifetime as needed. (This is unlike with the original V3 format where certifications necessarily cover the expiry date, and unlike X.509 where certifications always come with *some* notAfter date.)

Bodo
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
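
An added illustration of the point in the message above, not part of the original post: it builds the key and User ID bytes that a third-party certification hashes and checks whether changing the expiry changes them. Assumptions: packet layouts follow RFC 4880, SHA-256 stands in for the hash in both cases, the signature trailer is omitted (it holds the certifier's own fields, not the key owner's expiry), and the key material and user ID are constructed sample values.

```python
import hashlib
import struct

# Constructed sample values, not a real key.
CREATED = 1_300_000_000                      # key creation time (seconds)
USER_ID = b"Alice Example <alice@example.org>"
RSA = 1                                      # OpenPGP public-key algorithm ID

def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-octet bit count, then the bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

KEY_MATERIAL = mpi(0xC0FFEE1234567890ABCDEF) + mpi(65537)   # toy modulus, exponent

def cert_hash_input(version: int, expiry: int) -> bytes:
    """Key and User ID bytes that a third-party certification hashes."""
    if version == 3:
        # V3 key packet carries the validity period (days) in the key itself.
        body = struct.pack(">BIHB", 3, CREATED, expiry, RSA) + KEY_MATERIAL
        uid = USER_ID
    else:
        # V4 key packet has no expiry field; `expiry` is deliberately unused.
        body = struct.pack(">BIB", 4, CREATED, RSA) + KEY_MATERIAL
        uid = b"\xb4" + struct.pack(">I", len(USER_ID)) + USER_ID
    return b"\x99" + struct.pack(">H", len(body)) + body + uid

def key_expiration_subpacket(seconds: int) -> bytes:
    """V4 Key Expiration Time subpacket (type 9), found only in the self-signature."""
    return struct.pack(">BBI", 5, 9, seconds)

def certification_survives(version: int, old_expiry: int, new_expiry: int) -> bool:
    """True if a certification made under old_expiry still matches after the change."""
    digest = lambda e: hashlib.sha256(cert_hash_input(version, e)).digest()
    return digest(old_expiry) == digest(new_expiry)

if __name__ == "__main__":
    year = 365 * 86400
    print("self-sig subpacket before:", key_expiration_subpacket(year).hex())
    print("self-sig subpacket after: ", key_expiration_subpacket(10 * year).hex())
    print("V3 certification survives:", certification_survives(3, 365, 3650))
    print("V4 certification survives:", certification_survives(4, year, 10 * year))
```

The V4 self-signature subpacket changes while the certified bytes do not, so anyone relying on a third-party certification gets no expiry bound from it.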
