The Call of the Open Sidewalk

From a place slightly to the side of the more popular path

User Tools

Site Tools

pgpfan:expire

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
pgpfan:expire [2023/09/19 13:02] – [Cryptography expiry] Slightly better grammar b.walzerpgpfan:expire [2023/09/20 15:17] (current) – [What does key expiry mean to the user?] good example b.walzer
Line 24: Line 24:
 A signing key allows a user to produce a signature that authenticates a message or document or a software archive in some context dependent way. A signing key allows a user to produce a signature that authenticates a message or document or a software archive in some context dependent way.
  
-I am not really sure what expiry could mean for the case of loss of the secret part of the key. In a paper context, a signature or seal is still considered valid even if the technical means to create such marks no longer exists. Even if you lose your pen or stamp, signatures made with the pen or stamp are still binding and relevant. In a PGP context, only the public part of the key is required to verify a signature. Expiring that public part seems arbitrary and pointless. It would just be confusing if all the already received email from a particular correspondent suddenly started showing up as anonymous (unsigned). It would make no sense for a signed software archive to suddenly be not signed. Signing key expiry goes against normal cultural assumption.+I am not really sure what expiry could mean for the case of loss of the secret part of the key. In a paper context, a signature or seal is still considered valid even if the technical means to create such marks no longer exists. Even if you lose your pen or stamp, signatures made with the pen or stamp are still binding and relevant. In a PGP context, only the public part of the key is required to verify a signature. Expiring that public part seems arbitrary and pointless. It would just be confusing if all the already received email from a particular correspondent suddenly started showing up as anonymous (unsigned). It would make no sense for a signed software archive to suddenly be not signed((Here a user asks if signing key expiry is a problem and receives no definite answer: [[https://lists.gnupg.org/pipermail/gnupg-users/2023-August/066668.html|nPth signature]])). Signing key expiry goes against normal cultural assumption.
  
 It might make sense for implementations to ignore expiry dates on keys used for verifying a signature and thus avoid the question of meaning in the first place. It might make sense for implementations to ignore expiry dates on keys used for verifying a signature and thus avoid the question of meaning in the first place.
pgpfan/expire.1695128546.txt.gz · Last modified: 2023/09/19 13:02 by b.walzer