RFC on issue 2701, default expiration time for new keys

Dominik Schuermann dominik at dominikschuermann.de
Wed Dec 14 12:49:00 CET 2016


On 12/12/2016 10:48 AM, Justus Winter wrote:
> Tobias Mueller <muelli at cryptobitch.de> writes:
> 
>> On Wed, Dec 07, 2016 at 01:23:42PM +0100, Justus Winter wrote:
>> What does OpenKeychain do?
> 
> Hard to tell, I just tried to create a new key, and I have not been
> asked for an expiration time on the master key, nor have I found a way
> to view the expiration time of existing master keys.  It is possible to
> configure expiration times for the subkeys, which do not expire by
> default.

The first key displayed in Advanced->Subkeys is the master key. We
haven't put much time into the advanced screen design.

Currently, OpenKeychain does not set an expiration date by default. We
wrote down our design decisions here:
https://github.com/open-keychain/open-keychain/wiki/OpenPGP-Security#no-expiry-for-keys-created-by-openkeychain

We are not fully convinced by our own arguments :). Maybe we will switch
to a mechanism where an expiration date is set and extended automatically
in the background. This would let the key expire automatically from the
point on where OpenKeychain is no longer installed. We are open to input
on this matter.

Cheers
Dominik
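
The mechanism floated above (set an expiration date, extend it in the background), as an added example that is not part of the original message and not OpenKeychain code. It models only the hashed subpacket area of self-signatures (RFC 4880 subpacket types 2 and 9) without computing real signatures; the function names, the 365-day validity and the 90-day renewal margin are assumptions.

```python
import struct

SIG_CREATION_TIME = 2     # RFC 4880 section 5.2.3.4
KEY_EXPIRATION_TIME = 9   # RFC 4880 section 5.2.3.6: seconds after key creation
DAY = 86400

def subpacket(ptype, data):
    """Encode one subpacket (one-octet length form, enough for 4-byte values)."""
    return bytes([len(data) + 1, ptype]) + data

def parse_subpackets(area):
    """Parse a hashed subpacket area into {type: data}; ValueError if malformed."""
    out, i = {}, 0
    try:
        while i < len(area):
            first = area[i]
            if first < 192:                      # one-octet length
                length, i = first, i + 1
            elif first < 255:                    # two-octet length
                length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
            else:                                # 0xFF, then four-octet length
                length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
            if length < 1 or i + length > len(area):
                raise ValueError("subpacket overruns area")
            out[area[i] & 0x7F] = area[i + 1:i + length]   # mask the critical bit
            i += length
    except (IndexError, struct.error):
        raise ValueError("truncated subpacket header")
    return out

def self_sig(key_created, signed_at, expires_at):
    """Constructed hashed area of a self-signature made at signed_at."""
    return (subpacket(SIG_CREATION_TIME, struct.pack(">I", signed_at)) +
            subpacket(KEY_EXPIRATION_TIME, struct.pack(">I", expires_at - key_created)))

def key_expiry(key_created, self_sigs):
    """Absolute expiry from the newest self-signature; None means no expiry."""
    parsed = [parse_subpackets(s) for s in self_sigs]
    newest = max(parsed, key=lambda p: struct.unpack(">I", p[SIG_CREATION_TIME])[0])
    secs = struct.unpack(">I", newest.get(KEY_EXPIRATION_TIME, b"\0\0\0\0"))[0]
    return key_created + secs if secs else None

def run_background_renewals(key_created, app_runs, validity=365 * DAY, margin=90 * DAY):
    """Each time the app runs, re-sign if less than `margin` of validity is left."""
    sigs = [self_sig(key_created, key_created, key_created + validity)]
    for now in app_runs:
        if key_expiry(key_created, sigs) - now < margin:
            sigs.append(self_sig(key_created, now, now + validity))
    return sigs
```

Because the expiration is stored relative to the key's creation time inside a self-signature, each extension is a new self-signature that peers only see once the updated key is redistributed.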
