gnupg and subkeys
David Shaw
dshaw at jabberwocky.com
Tue Jan 7 22:09:02 CET 2003
On Tue, Jan 07, 2003 at 09:54:54PM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Tue, 2003-01-07 at 21:20, David Shaw wrote:
> > On Tue, Jan 07, 2003 at 09:03:58PM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:
> >
> > > I have updated my document about multiple subkeys
> > > (http://fortytwo.ch/subkeys) to gpg 1.2.1. There still are a few quirks,
> > > mostly it's just that the user interface could be better:
> > >
> > > * subkey creation: should offer to expire the subkey at the same time
> > > as the primary, if the primary has an expiry date set. (To discuss:
> > > should gpg forbid (except with --expert) creating subkeys that live
> > > longer than the primary?).
> >
> > By definition, no subkey can live longer than the primary. Even if
> > you create a subkey with a longer expiration date, it'll expire when
> > the primary does.
>
> As the lifetime of the primary can be extended, there may well be
> reasons to set an expiration date on the subkey that is in the future
> from the exp date on the primary.
Sure, so long as the user doesn't think it extends anything.
> OTOH, the lifetime of the subkey may be extended, too.
True, but not practically useful. After extending the subkey
lifetime, you'd have to re-distribute your key.... and since you are
re-distributing the key, you may as well make a new subkey. Still,
GnuPG does allow you to do it if you want to.
David
--
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
More information about the Gnupg-devel
mailing list