expire function
David Shaw
dshaw at jabberwocky.com
Mon Dec 20 17:39:31 CET 2004
On Mon, Dec 20, 2004 at 02:12:21PM +0000, Neil Williams wrote:
> On Monday 20 December 2004 12:43 pm, Michael Kirchner wrote:
> > Perhaps you might enlighten me: is there an special security problem
> > connected to a yearly expire and reissuing of my keys?
>
> You lose all your signatures and therefore trust.
>
> One alternative is to issue a unlimited expiry main key with a
> subkey that expires. You need to then use updated keyservers and
> you'll get people asking why they cannot get/use your key.
Ah, what a perfect opening to talk about the new 1.4 features to help
with the keyserver problem!
1.4 has the ability to embed a URL in a key or signature to tell
people which keyserver the key owner prefers to keep his key on. The
URL can even be a web page or finger file so people don't even have to
use keyservers at all.
I'll send a longer writeup to this list.
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 250 bytes
Desc: not available
Url : /pipermail/attachments/20041220/0c633442/attachment.bin
More information about the Gnupg-users
mailing list