On 16 Feb, 2012, at 3:30 AM, Bodo Moeller wrote:
> On Thu, Feb 16, 2012 at 12:05 PM, Werner Koch <[email protected]> wrote:
>
> You are right that RFC4880 does not demand that the key expiration date
> is put into a hashed subpacket. But not doing so would be stupid.
>
> I call it a "protocol failure", you call it "stupid", but Jon calls it a
> "feature" (http://article.gmane.org/gmane.ietf.openpgp/4557/).
That's not what I said. Or perhaps not what I meant.
I think it is indeed a feature that the expiry is a part of the certification,
not part an intrinsic property of the key material. That permits you to do very
cool things like rolling certification lifetimes.
Putting that into an unhashed packet is stupid, as Werner said.
Jon
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
