Key lifetime

Stefan H. Holek stefan@epy.co.at
Thu, 8 Jun 2000 22:43:17 +0200 (CEST)


On Thu, 8 Jun 2000, L. Sassaman wrote:


> The longer the lifetime of a key, the more likely the key is to be
> compromised. If you chose to retire a key, be sure to link your new key
> with the old by signing it with the old before the old key expires.

Does this mean an expired key can still be used for computing trust?

> Note that you can make use of the fact that multiple subkeys are permitted
> in OpenPGP to address this issue partially: you expire your encryption
> keys, but keep your signing key the same.

I have also seen people have completely separate signing and encryption
keys... But - I could still lose the passphrase for my signing key, or
someone could find a way to steal my private keyring, or ... So, there
seems to be no way around re-establishing trust (getting people to sign
my current (signing-) key) once in a while. Well, maybe this is not too
bad a thing anyway...

Thanks,
Stefan

-- 
Stefan H. Holek, stefan@epy.co.at
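As an added illustration of the subkey advice quoted above (expire the encryption subkeys, keep the signing primary), not code from this thread or from GnuPG: a small Python check over `gpg --list-keys --with-colons` output that reports which components of a key have expired or are about to. The sample output and the reference time are constructed; the field positions follow GnuPG's DETAILS document.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of `gpg --list-keys --with-colons` output (not from the
# original message). Per GnuPG's DETAILS document: field 5 is the key id,
# 6 creation, 7 expiry (epoch seconds, empty = never), 12 the capabilities.
SAMPLE_COLONS = """\
pub:u:4096:1:0123456789ABCDEF:1500000000:::u:::scESC::::::23::0:
fpr:::::::::AAAA0123456789ABCDEF0123456789ABCDEF0123:
uid:u::::1500000000::0000::Example User <user@example.invalid>::::::::::0:
sub:e:4096:1:FEDCBA9876543210:1500000000:1560000000:::::e::::::23:
sub:u:4096:1:1122334455667788:1560000000:1568000000:::::e::::::23:
sub:u:4096:1:8899AABBCCDDEEFF:1568000000:1700000000:::::e::::::23:
"""
# Constructed reference time for the report: 2019-09-01 00:00 UTC.
NOW = datetime(2019, 9, 1, tzinfo=timezone.utc)

def _ts(field):
    """Epoch-seconds field to an aware datetime; empty means no expiry."""
    return datetime.fromtimestamp(int(field), tz=timezone.utc) if field else None

def parse_keys(colon_output):
    """Extract pub/sub records; other record types (fpr, uid, ...) are skipped."""
    keys = []
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            keys.append({"type": f[0], "keyid": f[4], "caps": f[11],
                         "created": _ts(f[5]), "expires": _ts(f[6])})
    return keys

def lifetime_report(colon_output, now, warn_days=30):
    """Map key id -> (type, caps, status); status: never/expired/expiring/ok."""
    report = {}
    for k in parse_keys(colon_output):
        exp = k["expires"]
        if exp is None:
            status = "never"
        elif exp <= now:
            status = "expired"
        elif exp - now <= timedelta(days=warn_days):
            status = "expiring"
        else:
            status = "ok"
        report[k["keyid"]] = (k["type"], k["caps"], status)
    return report

def usable_encryption_subkeys(colon_output, now):
    """Subkeys with the 'e' capability that have not expired. An empty list
    beside a still-valid signing primary means: add a fresh encryption subkey."""
    return [k["keyid"] for k in parse_keys(colon_output)
            if k["type"] == "sub" and "e" in k["caps"]
            and (k["expires"] is None or k["expires"] > now)]
```

Feed it the real command's output (captured with `gpg --list-keys --with-colons`) to see which of your own keys are in the state the thread describes.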