Re: draft-ietf-openpgp-rfc2440bis-06.txt

Werner Koch <> Sat, 21 September 2002 10:12 UTC

To: Jon Callas <>
Cc: Bodo Moeller <>, OpenPGP <>
Subject: Re: draft-ietf-openpgp-rfc2440bis-06.txt
References: <>
From: Werner Koch <>
X-PGP-KeyID: 621CC013
X-Request-PGP: finger://
Organisation: g10 Code GmbH
Date: Sat, 21 Sep 2002 11:59:22 +0200
In-Reply-To: <> (Jon Callas's message of "Fri, 20 Sep 2002 23:09:23 -0700")
Message-ID: <>

On Fri, 20 Sep 2002 23:09:23 -0700, Jon Callas said:

> My opinion (still) is that it isn't a bug, it's a feature. I want someday to
> make keys that have short-lived self-signatures on them that are regularly

I fully agree.  Furthermore, due to the possibility to set an
expiration date on a key signature, a "CA" gains the same effect as
with an expiration date on the key.  It is about what a trusted
authority sees as a sound expiration date.  This may either be a key
signator by using the signature expiration time or the key owner by
setting the expiration date on his key signatures (self-signature).

PGP has the tradition to let the user decide and not some other
entity.  With the OpenPGP model the user is even free to ask a CA to
set an expiration date on their key signature.

By default GnuPG uses the expiration date of the self-signature as the
one for a key signature.  This is on Florian Weimer's request and afaik
is sufficient for him and his use of the PGP PKI.
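The two expiration mechanisms discussed in this message can be made concrete by working with the signature subpackets RFC 2440 defines for them: Key Expiration Time (type 9, seconds after key creation, carried on the self-signature) and Signature Expiration Time (type 3, seconds after signature creation, which a certifying signer can put on their own key signature). The following is an added example, not code from the mailing list, from GnuPG or from any other implementation. It encodes and parses a subpacket area per RFC 2440 section 5.2.3.1, then shows how the effective validity of a third-party certification is bounded by the earlier of the key's own expiration and the certification's signature expiration. The `gnupg_default_certification` function is only a model of the default described in the last paragraph (certification expiration taken from the self-signature's key expiration); the exact way GnuPG derives it is an assumption here, and all dates are constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

# Subpacket types from RFC 2440 section 5.2.3.1
SUBPKT_SIG_CREATION = 2     # body: 4-octet time the signature was made
SUBPKT_SIG_EXPIRATION = 3   # body: 4-octet seconds after signature creation (0 = never)
SUBPKT_KEY_EXPIRATION = 9   # body: 4-octet seconds after key creation (0 = never)


def _ts(seconds):
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def encode_subpacket(typ, body, critical=False):
    """Encode one subpacket with the RFC 2440 variable-length header.
    The length counts the type octet but not the length octets themselves."""
    length = len(body) + 1
    if length < 192:
        hdr = bytes([length])
    elif length < 16320:
        hdr = bytes([((length - 192) >> 8) + 192, (length - 192) & 0xFF])
    else:
        hdr = b"\xff" + struct.pack(">I", length)
    return hdr + bytes([typ | (0x80 if critical else 0)]) + body


def parse_subpackets(area):
    """Parse a subpacket area into (type, critical_flag, body) tuples,
    refusing zero-length or truncated subpackets."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed or truncated subpacket area")
        typ = area[i]
        out.append((typ & 0x7F, bool(typ & 0x80), area[i + 1:i + length]))
        i += length
    return out


def signature_times(hashed_area, key_created):
    """Return (sig_created, sig_expires, key_expires) as aware datetimes;
    an expiration is None when its subpacket is absent or zero."""
    created = sig_exp = key_exp = None
    for typ, _critical, body in parse_subpackets(hashed_area):
        if typ == SUBPKT_SIG_CREATION:
            created = _ts(struct.unpack(">I", body)[0])
        elif typ == SUBPKT_SIG_EXPIRATION:
            sig_exp = struct.unpack(">I", body)[0]
        elif typ == SUBPKT_KEY_EXPIRATION:
            key_exp = struct.unpack(">I", body)[0]
    if created is None:
        raise ValueError("signature lacks a creation time subpacket")
    sig_expires = created + timedelta(seconds=sig_exp) if sig_exp else None
    key_expires = key_created + timedelta(seconds=key_exp) if key_exp else None
    return created, sig_expires, key_expires


def self_signature(key_created, key_lifetime):
    """Constructed self-signature hashed area: creation time plus key expiration."""
    return (encode_subpacket(SUBPKT_SIG_CREATION, struct.pack(">I", int(key_created.timestamp())))
            + encode_subpacket(SUBPKT_KEY_EXPIRATION, struct.pack(">I", int(key_lifetime.total_seconds()))))


def certification(sig_created, sig_lifetime=None):
    """Constructed key-signature (certification) hashed area; sig_lifetime is the
    signer's own bound on how long the certification holds (None = open-ended)."""
    area = encode_subpacket(SUBPKT_SIG_CREATION, struct.pack(">I", int(sig_created.timestamp())))
    if sig_lifetime is not None:
        area += encode_subpacket(SUBPKT_SIG_EXPIRATION, struct.pack(">I", int(sig_lifetime.total_seconds())))
    return area


def gnupg_default_certification(sig_created, key_expires):
    """Model (an assumption, not GnuPG's code) of the default described in the mail:
    the certification's signature expiration is derived from the key expiration
    carried on the self-signature."""
    return certification(sig_created, key_expires - sig_created if key_expires else None)


def certification_valid_until(self_sig_area, cert_area, key_created):
    """Point after which a certification no longer vouches for the key: the earlier
    of the key's own expiration and the certifier's signature expiration."""
    _, _, key_expires = signature_times(self_sig_area, key_created)
    _, cert_expires, _ = signature_times(cert_area, key_created)
    bounds = [t for t in (key_expires, cert_expires) if t is not None]
    return min(bounds) if bounds else None


def demo():
    """Constructed scenario: a key with a one-year self-signature, one certification
    the signer bounded to 30 days, one following the modelled default, one open-ended."""
    key_created = datetime(2002, 9, 21, tzinfo=timezone.utc)
    self_sig = self_signature(key_created, timedelta(days=365))
    _, _, key_expires = signature_times(self_sig, key_created)
    cert_date = datetime(2002, 10, 1, tzinfo=timezone.utc)
    short_ca = certification(cert_date, timedelta(days=30))
    default_ca = gnupg_default_certification(cert_date, key_expires)
    open_ended = certification(cert_date)
    return {
        "key_expires": key_expires.isoformat(),
        "short_ca": certification_valid_until(self_sig, short_ca, key_created).isoformat(),
        "default_ca": certification_valid_until(self_sig, default_ca, key_created).isoformat(),
        "open_ended": certification_valid_until(self_sig, open_ended, key_created).isoformat(),
    }


if __name__ == "__main__":
    for name, when in demo().items():
        print(f"{name}: {when}")
```

The `short_ca` case is the signer-side expiration the mail describes: the certifier caps their own vouching at 30 days without touching the key. The `default_ca` and `open_ended` cases both end at the key's own expiration, which is why a self-signature expiration gives the key owner the same effect from the other side.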