Re: reflecting on PGP, keyservers, and the Web of Trust

[Ben Laurie]

Ray Dillinger wrote:
> 
> On Tue, 5 Sep 2000, David Honig wrote:
> 
> >  The more hard-core distribute keys to previously known
> >parties on physical media, only.
> >
> 
> I have long felt that PGP missed a trick when it didn't have
> automatic expiry for keys -- It should be possible to build
> into each key an expiration date, fixed at the time of its
> creation.  For shorter keys, it ought to default to expiring
> sooner, and not allow expiry more than a year or two out.
> For a 2048 bit key, it ought to default to something like 10
> years and let you pick a term up to a century.
> 
> This would solve one of the biggest problems -- old keys that
> should long since have expired but which go right on getting
> used.

ftp://ftp.ietf.org/internet-drafts/draft-brown-pgp-pfs-01.txt

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

Coming to ApacheCon Europe 2000? http://apachecon.com/