Retaining expired sigs

Jason Harris jharris at widomaker.com
Fri Mar 18 18:30:32 CET 2005


On Thu, Mar 17, 2005 at 11:35:20PM -0500, David Shaw wrote:

> All I care is that both signatures have since expired, and are
> therefore irrelevant to me.  To say nothing of the fact that anyone
> who thinks that OpenPGP has strong date semantics - and bases their
> behavior on that - is fooling themselves in a wonderfully large way.

Your point is unclear.  Unless revocation and signature targets are
specified, dates are used to determine which signatures revoke/modify/
supersede other (chronologically earlier) signatures by the same issuer.
Unsynchronized clocks are unfortunate, yes, but we still generally must
take timestamps at face value.

> It is not good design to hamper the majority of users to please the
> minority of users who like to calculate key signing statistics.  In

Everyone who feels expiring signatures hamper their keys should
raise the issue with those generating such burdensome signatures.

Furthermore, I don't see a lot of difference between expired signatures
and superseded signatures, yet GPG doesn't (currently) throw away the
latter:

  pub   1024D/B56165AA 2003-02-22
  uid                  Darren Chamberlain
  sig!3        B56165AA 2003-09-24  Darren Chamberlain
  sig!3        B56165AA 2003-02-26  Darren Chamberlain
  sig!3        B56165AA 2003-02-26  Darren Chamberlain

-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004
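
Added example, not part of the original message and not GnuPG's code: a simplified Python model of the date-based rule discussed above, where the newest signature per issuer and user ID supersedes older ones and expiration is checked against the creation timestamp. The `Sig` class, `classify` function, the times of day and the second issuer `EXAMPLE1` are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

UTC = timezone.utc

@dataclass
class Sig:
    issuer: str                           # issuer key ID
    target: str                           # user ID being certified
    created: datetime                     # creation time, taken at face value
    lifetime: Optional[timedelta] = None  # None means no expiration

def classify(sigs, now):
    """Label each signature 'superseded', 'expired' or 'effective'.

    Assumed model: per (issuer, target) the newest creation time wins and
    older ones are superseded; the winner is expired once created + lifetime
    has passed. No explicit revocation or signature targets are handled.
    """
    newest = {}
    for s in sigs:
        key = (s.issuer, s.target)
        if key not in newest or s.created > newest[key].created:
            newest[key] = s
    labels = []
    for s in sigs:
        if s is not newest[(s.issuer, s.target)]:
            labels.append("superseded")
        elif s.lifetime is not None and s.created + s.lifetime <= now:
            labels.append("expired")
        else:
            labels.append("effective")
    return labels

# Constructed sample: dates follow the listing above, times of day are made up;
# the second issuer and its one-year lifetime are hypothetical.
UID = "Darren Chamberlain"
SAMPLE = [
    Sig("B56165AA", UID, datetime(2003, 9, 24, 12, 0, tzinfo=UTC)),
    Sig("B56165AA", UID, datetime(2003, 2, 26, 10, 0, tzinfo=UTC)),
    Sig("B56165AA", UID, datetime(2003, 2, 26, 10, 5, tzinfo=UTC)),
    Sig("EXAMPLE1", UID, datetime(2003, 3, 1, tzinfo=UTC), timedelta(days=365)),
]
NOW = datetime(2005, 3, 18, tzinfo=UTC)  # date of this message

if __name__ == "__main__":
    for sig, label in zip(SAMPLE, classify(SAMPLE, NOW)):
        print(sig.issuer, sig.created.date(), label)
```

Because the rule trusts `created`, a signer whose clock runs behind can produce a signature that is treated as superseded the moment it is made.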