On Wednesday, June 20, 2018 10:25:25 PM Ben Finney wrote:
> In other words: Yes, it's inconvenient, but it's because *no one can
> know* with confidence any more whether that key has been compromised.

Well, I should study up more on keys and expiration, but isn't the situation much the same before the key expires? I mean, the issuer / owner of the key really doesn't know whether the key has been compromised? (There might be / probably is less chance it has been compromised (in congruence with your last paragraph, quoted below), but, the person that breaks a key doesn't report to the owner that he has done so ;-)

> So that does put it into the same category as “who the hell knows
> whether this signature is associated with the key owner”.
>
> That's just a fact that follows from the finite lifetime of the security
> of a given key. The longer it's been out there, the larger the window
> for compromise; and we're now outside the window where the key owner
> warrants to still be in control of that key. Don't trust whatever
> signatures you find with that key any more.