[7763] in cryptography@c2.net mail archive
Re: reflecting on PGP, keyservers, and the Web of Trust
daemon@ATHENA.MIT.EDU (Ben Laurie)
Wed Sep 6 10:26:34 2000
Message-ID: <39B6075A.5ACA0AE2@algroup.co.uk>
Date: Wed, 06 Sep 2000 09:59:06 +0100
From: Ben Laurie <ben@algroup.co.uk>
MIME-Version: 1.0
To: Ray Dillinger <bear@sonic.net>
Cc: David Honig <honig@sprynet.com>, "P.J. Ponder" <ponder@freenet.tlh.fl.us>,
Dan Geer <geer@world.std.com>, cryptography@c2.net
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Ray Dillinger wrote:
>
> On Tue, 5 Sep 2000, David Honig wrote:
>
> > The more hard-core distribute keys to previously known
> >parties on physical media, only.
> >
>
> I have long felt that PGP missed a trick when it didn't have
> automatic expiry for keys -- It should be possible to build
> into each key an expiration date, fixed at the time of its
> creation. For shorter keys, it ought to default to expiring
> sooner, and not allow expiry more than a year or two out.
> For a 2048 bit key, it ought to default to something like 10
> years and let you pick a term up to a century.
>
> This would solve one of the biggest problems -- old keys that
> should long since have expired but which go right on getting
> used.

ftp://ftp.ietf.org/internet-drafts/draft-brown-pgp-pfs-01.txt

Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
Coming to ApacheCon Europe 2000? http://apachecon.com/