Mailing List Archive

[moderm@gmx.net: expire date on keys]
----- Forwarded message from Mario Moder <moderm@gmx.net> -----

From: Mario Moder <moderm@gmx.net>
To: gnupg-users@gnupg.org
Subject: expire date on keys

Hi there!

I have studied a lot of information about GnuPG and PGP in general, but
I've never found an answer to this question:

I generated a key pair with --gen-key and set an expire date on my
key. The UID is "Mario Moder <moderm@gmx.net>". When I send my public
key to a keyserver or to some people and the key expires on the
specified date, what will happen? Do I have to generate a new key
pair? Can I use the same User ID (Mario Moder <moderm@gmx.net>) then
(I don't want to change my email address)? Or can I simply set a new
expire date and then send my (old) key (with the new date) to a
keyserver again?

Greetings and thanks,

Mario



----- End forwarded message -----
Re: [moderm@gmx.net: expire date on keys]
>
> I generated a key pair with --gen-key and set an expire date on my
> key. The UID is "Mario Moder <moderm@gmx.net>". When I send my public
> key to a keyserver or to some people and the key expires on the
> specified date, what will happen? Do I have to generate a new key
> pair? Can I use the same User ID (Mario Moder <moderm@gmx.net>) then
> (I don't want to change my email address)? Or can I simply set a new
> expire date and then send my (old) key (with the new date) to a
> keyserver again?

Same here. I would also like to know why I should have an expire date
on my keys at all.



--
Thomas Zander zander@microweb.nl
History repeats itself, it has to, nobody ever listens
Re: [moderm@gmx.net: expire date on keys]
> ----- Forwarded message from Mario Moder <moderm@gmx.net> -----

> key to a keyserver or to some people and the key expires on the
> specified date, what will happen? Do I have to generate a new key

An expired key is not trusted anymore; that is, it will not be used
to validate a key in the web of trust.

If you try to use such a key, you will get a note that the key has
expired.

> pair? Can I use the same (Mario Moder <moderm@gmx.net>) User ID then

Yes - you will get a new keyid if you generate a new key.

> (I don't want to change my email address)? Or can I simply set a new
> expire date and then send my (old) key (with the new date) to a

This is a new feature of OpenPGP and IMHO not very well thought out. It
is okay that the expire date is no longer directly on the key but on a
signature, so that it is indeed possible to change the expire date -
but it should be on a direct key signature. The RFC does not say
very much about expire dates.

For CAs the expire date is a must.

Not using an expire date is okay - you always have the chance to issue
a revocation certificate. The advantage of the expire date is that it
is bound to the public key and therefore instantly available.


--
Werner Koch at guug.de www.openIT.de keyid 621CC013
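The procedure the thread converges on (the expiry lives in a self-signature, so it can be moved and the same key re-published under the same key ID) as an added shell example. This is not code from the thread or from the GnuPG project; it assumes GnuPG 2.1.22 or later (for the --quick-generate-key and --quick-set-expire commands), works in a throwaway GNUPGHOME so the real keyring is untouched, and uses a constructed user ID. Function names (g, key_fpr, key_expiry, expiry_subpackets) are the example's own.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GnuPG 2.1.22+; everything
# happens in a throwaway GNUPGHOME so the user's real keyring is never touched.
set -e

GNUPGHOME="$(mktemp -d)"
export GNUPGHOME
trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$GNUPGHOME"' EXIT

# All gpg calls are non-interactive: batch mode, loopback pinentry and an
# empty passphrase so no prompt can ever appear (hypothetical wrapper name).
g() { gpg --batch --no-tty --pinentry-mode loopback --passphrase '' "$@" 2>/dev/null; }

# Fingerprint of the first key in the keyring (field 10 of the fpr record).
key_fpr() { g --list-keys --with-colons | awk -F: '$1=="fpr"{print $10; exit}'; }

# Expiry of the primary key as seconds since the epoch (field 7 of the pub
# record in --with-colons output); prints 0 when the key never expires.
key_expiry() { g --list-keys --with-colons | awk -F: '$1=="pub"{print ($7==""?0:$7); exit}'; }

# Count of "key expires after" sub-packets in the exported key. They sit in
# signature packets, not in the key packet itself, which is exactly why the
# date can be changed later without changing the key or its fingerprint.
expiry_subpackets() { g --export "$1" | g --list-packets | grep -c 'key expires after' || true; }

# 1. Generate a key that expires in one day (constructed user ID).
g --quick-generate-key 'Example User <user@example.org>' default default 1d
FPR="$(key_fpr)"
OLD_EXP="$(key_expiry)"

# 2. Extend the primary key's expiry by a year. Fingerprint and key ID stay
#    the same; gpg adds a fresh self-signature carrying the new date.
g --quick-set-expire "$FPR" 1y
NEW_EXP="$(key_expiry)"

echo "key $FPR: expiry moved from $OLD_EXP to $NEW_EXP (epoch seconds)"
echo "expiry sub-packets in self-signatures: $(expiry_subpackets "$FPR")"

# 3. What gets re-sent to the keyserver is simply the re-exported public key
#    (gpg --send-keys "$FPR" does the same over the network; not run here).
g --armor --export "$FPR" | head -n 2
```

Note that --quick-set-expire only moves the primary key's date; subkeys keep their own expiry unless you extend them as well (newer GnuPG versions accept a list of subkey fingerprints as a third argument). Until the re-exported key reaches the people and keyservers that hold the old copy, they will still see the old expiry date.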