gnupg and subkeys

Adrian 'Dagurashibanipal' von Bidder avbidder at
Tue Jan 7 21:54:02 CET 2003

On Tue, 2003-01-07 at 21:20, David Shaw wrote:
> On Tue, Jan 07, 2003 at 09:03:58PM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:
> > I have updated my document about multiple subkeys
> > ( to gpg 1.2.1. There still are a few quirks,
> > mostly it's just that the user interface could be better:
> > 
> >  * subkey creation: should offer to expire the subkey at the same time
> > as the primary, if the primary has an expiry date set. (To discuss:
> > should gpg forbid (except with --expert) creating subkeys that live
> > longer than the primary?).
> By definition, no subkey can live longer than the primary.  Even if
> you create a subkey with a longer expiration date, it'll expire when
> the primary does.

As the lifetime of the primary can be extended, there may well be
reasons to set an expiration date on the subkey that is in the future
from the exp date on the primary. OTOH, the lifetime of the subkey may
be extended, too.

-- vbi

this email is protected by a digital signature:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 320 bytes
Desc: This is a digitally signed message part
Url : /pipermail/attachments/20030107/799a6f2e/attachment.bin

More information about the Gnupg-devel mailing list