>> > 4. Expiration date on key and all subkeys set to at most 2 years >> >> -at most 2 years. >> +at most 2 years from generation or refresh of expiry. > >Now, this won't really work because it's self-propagating date. You're >soon going to see keys with 10 years to expiration because if you >update >the date 5 times from 'refresh of expiry', that's what you get. > >I get what you're trying to say but I can't really think of a sane way >of stating that. Maybe I should just explicitly state '(plus the >period >specified in point 5)'.
“The expiry date of the key shall never be more than two years in the future”? -- Christopher Head
signature.asc
Description: PGP signature
