RFC on issue 2701, default expiration time for new keys

Peter Lebbing peter at digitalbrains.com
Fri Dec 9 19:20:33 CET 2016


On 09/12/16 15:29, Ximin Luo wrote:
> No, some people like to split their secret master keys and subkeys.

I'm pretty sure expirations and revocations are signed by the primary
key, also expirations and revocations of subkeys.

So if you happen to lose access to the private key material of a subkey,
you can revoke or expire it on the spot, with the primary key.

If you say "we should have expiries to cope with the fact that you can't
revoke anymore once you lose access to the private key", I think that is
purely related to losing access to the primary key. I don't see the
purpose of putting an expiry on a subkey in this use case. Obviously
there can be other reasons to put expiries on subkeys, but are they
within scope of this discussion?

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


