-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 15:40 2005-06-07, you wrote: >On Mon, 6 Jun 2005 12:20:33 -0400, Anonymous said: > >> #2. A statement that you trust that the UID accurately reflects the >> true ownership of the key. > >I just wonder how to decide how long this ownership is valid. A year, >a month, a day, a minute or even already void in the past? The owner >usually can't and you can't for sure give any reasonable estimation. > > >Salam-Shalom, > > Werner > True, but it might be convenient anyhow. The shorter the time, the safer the guess!
One way is to assume that the key is attacked immediately and that all the security is in the passphrase. Make an estimation of the strength of the passphrase and you are done! Issuers of X509 certificates use 1 year for soft certificates and 5 years for card certificates. I don't know their calculations behind that decision. Per Tunedal -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) - GPGrelay v0.959 Comment: Vad är en PGP-signatur? www.clipanish.com/PGP/pgp.html iD8DBQFCpjkspPsTvNtsBX8RAkMIAJ0a/27Fg8SRJx0HG29SJLPJVJWEjwCeJbcs CCkpCFuC2uy/Vnxri/hGGv0= =95EY -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users