On 9/15/14 2:26 PM, Werner Koch wrote:
> On Mon, 15 Sep 2014 21:22, [email protected] said:
>
>> Imagine this scenario ... Alice sets an expiration date on her key
>> because she knows that after that expiration date her key is:
>
> 0. Deleted to achieve some forward secrecy.

Yeah, I'm sure there are other scenarios I was not smart enough to
consider. :)

> Actually the semantics of an expired (sub)key may come from the 1999 or
> so idea of adding features to mitigate the effect of the UK RIP act (or
> whatever it is called now).

Wow, blast from the past. :) It's not clear to me how you're tying
those 2 things together though.

Meanwhile, I left out of my previous post my overwhelming dislike of the
expiration date feature. :) Robert has a really good point about GnuPG
not providing policy, and unfortunately a lot of users see the
"expiration date knob" and cannot resist the urge to twist it, without
understanding what it means, or why it should (or should not be) used,
or in many cases even that they themselves can extend the expiration
date if they choose to.

Frankly I wish the option had never been added to the spec, but
(thankfully) I'm not in charge. :)

Doug