Gnupg-devel Digest, Vol 159, Issue 9

Kenneth Benson phoenyx33 at
Wed Dec 7 19:54:19 CET 2016

On 12/7/2016 8:16 AM, gnupg-devel-request at wrote:
Re: RFC on issue 2701, default expiration time for new keys
Kristian Fiskerstrand <kristian.fiskerstrand at>
12/7/2016 8:16 AM
gnupg-devel at,Justus Winter <justus at>

On December 7, 2016 1:23:42 PM GMT+01:00, Justus Winter
<justus at> wrote:
> Hello,
> inspired by the talk on OpenKeychain UX decisions at the OpenPGP 
> conference,  I decided that it is a bad idea to let users create 
> keys that don't expire (unless they want to hang themself with 
> --expert).
> This now begs the question what a good default expiration time is.
>  Thoughts?

Not really any research behind it, but intuition says 2-3 years. Not
so short users run into issues before familiar but short enough for it
to be worth something.

> Relevant bug:
> Justus

Kristian Fiskerstrand
Twitter: @krifisk
Public OpenPGP certificate at hkp://
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Just my 2-cents worth, but making it 3 years would tie in nicely with
the normal expiration on email signing certificates. It would serve as
a reminder to update both at the same time for those people who use
both. But it is my 2-cents worth so feel free to ignore it, I won't
worry it.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3946 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20161207/7ae7f151/attachment.bin>

More information about the Gnupg-devel mailing list