On Wed 04.12.2013, 00:39:46, Johannes Zarl wrote:
> Isn't that just a false sense of security? After all, if the key has been
> compromised, the attacker can just prolong the validity

He could but he would need the secret mainkey for that operation and...

> > but we all love our highly secure offline mainkeys, don't we?

...keys without offline mainkey on insecure systems are a security joke anyway.

> that the owner can just issue a revocation certificate

It may be possible to prevent someone from seeing the revocation certificate. Certificate distribution is a lot less secure than the keys themselves. But you cannot trick someone into using an expired key.

> So in summary, the short validity period is essentially a reminder for
> people to regularly check whether the key has been revoked.

And besides security: It allows detection of dead keys on the keyservers.

Hauke
-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users