Differences

This shows you the differences between two versions of the page.

--- pgpfan:expire [2023/09/20 15:17] – [What does key expiry mean to the user?] good example b.walzer
+++ pgpfan:expire [2026/03/10 19:06] (current) – [Cleaning up old keys] Shouldn't assume that reader shares my assumptions. b.walzer
@@ Line 135: / Line 135: @@
 This is easier than key expiry and could be made into a one shot command with no required parameters.
-So the operators of a PGP key server could announce that they would delete older PGP identities based on this creation date. They could even send out reminder messages based on the embedded email address. If an identity ended up being deleted, the user's system would continue to operate based on the keys that existed at the end points. The result would be less surprising.
+So the operators of a PGP key server could announce that they would delete older PGP identities based on this creation date. They might be able to send out reminder messages based on the embedded email address in some cases. If an identity ended up being deleted, the user's system would continue to operate based on the keys that existed at the end points. The result would be less surprising.
+My suggested scheme would require that key servers reject submitted keys with creation dates in the future. In the same sort of way, a scheme based on key expiry would have to reject keys with expiry dates too far in the future. That would create an awkward and not very transparent requirement for the user.
+If there were multiple key IDs then obviously the newest would be used.
 Doing things in terms of the age of the identity allows the entity that actually cares about old identities to decide on the retention period as opposed to the owner of the identity who has no reason to care. The concept of bringing the identity up to date is more straightforward for the user than getting them involved in deciding on an expiry date.