Re: draft-ietf-openpgp-rfc2440bis-06.txt

Jon Callas <jon@callas.org> Sat, 21 September 2002 18:34 UTC

Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA15525 for <openpgp-archive@lists.ietf.org>; Sat, 21 Sep 2002 14:34:58 -0400 (EDT)
Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id g8LIKqB00785 for ietf-openpgp-bks; Sat, 21 Sep 2002 11:20:52 -0700 (PDT)
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g8LIKpo00777 for <ietf-openpgp@imc.org>; Sat, 21 Sep 2002 11:20:51 -0700 (PDT)
Received: from [63.73.97.180] (63.73.97.165) by merrymeet.com with ESMTP (Eudora Internet Mail Server 3.1.2) for <ietf-openpgp@imc.org>; Sat, 21 Sep 2002 11:20:49 -0700
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Sat, 21 Sep 2002 11:20:49 -0700
Subject: Re: draft-ietf-openpgp-rfc2440bis-06.txt
From: Jon Callas <jon@callas.org>
To: OpenPGP <ietf-openpgp@imc.org>
Message-ID: <B9B20691.966A%jon@callas.org>
In-Reply-To: <m17siAV-000QdtC@epsilon>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit

On 9/21/02 4:11 AM, "Bodo Moeller" <moeller@cdc.informatik.tu-darmstadt.de>;
wrote:

> Jon Callas <jon@callas.org>;:
>> "Bodo Moeller" <moeller@cdc.informatik.tu-darmstadt.de>;:
> 
>>> Here's the yearly reminder on the OpenPGP key expiration protocol failure.
>>> 
>>> http://www.imc.org/ietf-openpgp/mail-archive/msg02374.html
>>> http://www.imc.org/ietf-openpgp/mail-archive/msg02848.html
>>> http://www.imc.org/ietf-openpgp/mail-archive/msg03693.html
> 
>> My opinion (still) is that it isn't a bug, it's a feature. I want someday to
>> make keys that have short-lived self-signatures on them that are regularly
>> renewed, [...]
> 
> You are talking about subkeys (encryption subkeys, presumably -- in
> the case of signature keys, you can simply stop using them without
> having announced so in advance).  If you want to regularly renew your
> subkeys, then set appropriate expiration times for these subkeys.
> 
> I am talking about main keys, not subkeys.  Simply don't set an
> expiration time for the signing key if you want to be able to continue
> to use it indefinitely.
> 

So am I. I'm talking about main keys.

I have a vision where my program might (for example) re-create my
self-signature every day with a 48-hour expiration, and upload it to the
server.

OpenPGP has a policy that in the base specification, we permit a variety of
trust models and do not require one; we provide a language that is robust
enough to support all these trust models.

    Jon