RFC on issue 2701, default expiration time for new keys
ilf
ilf at zeromail.org
Wed Dec 7 14:33:29 CET 2016
Justus Winter:
> I decided that it is a bad idea to let users create keys that don't
> expire (unless they want to hang themself with --expert).
Nice!
> This now begs the question what a good default expiration time is.
The "OpenPGP best practices" document currently sais "less than two
years":
https://riseup.net/en/security/message-security/openpgp/best-practices#use-an-expiration-date-less-than-two-years
I would propose one or two years, but that's without hard data. I'm sure
dkg will come up not only with the correct time, but also the right
reasons. :)
--
ilf
Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
-- Eine Initiative des Bundesamtes für Tastaturbenutzung
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: </pipermail/attachments/20161207/09fd3381/attachment.sig>
More information about the Gnupg-devel
mailing list