This is totally legit and how PGP should work but it's the difference between key expiration and key revocation. Imagine having an identity token tied to a single key, that could be extended even after it expired... If you possessed the key. 🤨
Conversation
Replying to
The way it should work is having support for transparent key rotation authorized by the previous key rather than continuing to use the same key longer.