RFC on issue 2701, default expiration time for new keys

Peter Lebbing peter at digitalbrains.com
Wed Dec 7 18:15:04 CET 2016

On 07/12/16 14:33, ilf wrote:
> The "OpenPGP best practices" document currently says "less than two years":
> https://riseup.net/en/security/message-security/openpgp/best-practices#use-an-expiration-date-less-than-two-years

I'd not say "THE best practices document", but rather "A RANDOM best practices
document someone wrote". There are lots of those, and they can freely be ignored, IMNSHO.

This document also recommends creating a 4K RSA key. And it complicates matters
by strongly recommending installing parcimonie and Tor over just using
--refresh-keys. That's one more hurdle for users to overcome in an already very
complicated matter, and as such, IMNSHO, it is actually hindering user adoption.

FWIW, I agree with Kristian, make it several years. Of course, you can also
freely ignore me :-P.


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
