Gnupg-devel Digest, Vol 159, Issue 9
Kenneth Benson
phoenyx33 at gmail.com
Wed Dec 7 19:54:19 CET 2016
On 12/7/2016 8:16 AM, gnupg-devel-request at gnupg.org wrote:
Subject:
Re: RFC on issue 2701, default expiration time for new keys
From:
Kristian Fiskerstrand <kristian.fiskerstrand at sumptuouscapital.com>
Date:
12/7/2016 8:16 AM
To:
gnupg-devel at gnupg.org,Justus Winter <justus at g10code.com>
On December 7, 2016 1:23:42 PM GMT+01:00, Justus Winter
<justus at g10code.com> wrote:
> Hello,
>
> inspired by the talk on OpenKeychain UX decisions at the OpenPGP
> conference, I decided that it is a bad idea to let users create
> keys that don't expire (unless they want to hang themself with
> --expert).
>
> This now begs the question what a good default expiration time is.
> Thoughts?
Not really any research behind it, but intuition says 2-3 years. Not
so short users run into issues before familiar but short enough for it
to be worth something.
>
> Relevant bug: https://bugs.gnupg.org/gnupg/issue2701
>
>
> Justus
--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP certificate at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
>
Just my 2-cents worth, but making it 3 years would tie in nicely with
the normal expiration on email signing certificates. It would serve as
a reminder to update both at the same time for those people who use
both. But it is my 2-cents worth so feel free to ignore it, I won't
worry it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3946 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20161207/7ae7f151/attachment.bin>
More information about the Gnupg-devel
mailing list