Key lifetime

Stefan H. Holek stefan@epy.co.at
Thu, 8 Jun 2000 22:43:17 +0200 (CEST)


On Thu, 8 Jun 2000, L. Sassaman wrote:

> The longer the lifetime of a key, the more likely the key is to be
> compromised. If you choose to retire a key, be sure to link your new key
> with the old by signing it with the old before the old key expires.

Does this mean an expired key can still be used for computing trust?

> Note that you can make use of the fact that multiple subkeys are permitted
> in OpenPGP to address this issue partially: you expire your encryption
> keys, but keep your signing key the same.

I have also seen people have completely separate signing and encryption
keys... 

But - I could still lose the passphrase for my signing key, or someone
could find a way to steal my private keyring, or ...

So, there seems to be no way around re-establishing trust (getting people
to sign my current (signing-) key) once in a while. Well, maybe this is
not too bad a thing anyway... 

Thanks,
Stefan

--
Stefan H. Holek, stefan@epy.co.at
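As an added example, not part of this message or of the list it was posted to, here is a small Python model of the advice quoted above: a certification the old key made on the new key counts only if it was created while the old key was still valid, so the link must be made before the old key expires. It is a simplified model of that one rule, not GnuPG's trust engine; key ids, dates and the certification records are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

UTC = timezone.utc


@dataclass
class Key:
    keyid: str                    # constructed identifier, not a real key id
    created: datetime
    expires: Optional[datetime]   # None means the key never expires


@dataclass
class Certification:
    signer: str      # keyid of the key that made the signature
    subject: str     # keyid of the key being certified
    made_at: datetime


def made_in_validity_window(signer: Key, cert: Certification) -> bool:
    """A certification is acceptable only if it was created while the
    signing key was valid: on or after creation and before expiry."""
    if cert.made_at < signer.created:
        return False
    if signer.expires is not None and cert.made_at >= signer.expires:
        return False
    return True


def linked_successor(old: Key, new: Key, certs: List[Certification]) -> bool:
    """True if the old key certified the new key within the old key's
    validity window, i.e. the two keys are linked as the advice describes."""
    return any(
        c.signer == old.keyid and c.subject == new.keyid
        and made_in_validity_window(old, c)
        for c in certs
    )


# Constructed sample data: the old key expires on 2000-06-01.
OLD = Key("OLD-KEY", datetime(1999, 6, 1, tzinfo=UTC), datetime(2000, 6, 1, tzinfo=UTC))
NEW = Key("NEW-KEY", datetime(2000, 5, 1, tzinfo=UTC), None)
CERT_BEFORE_EXPIRY = Certification("OLD-KEY", "NEW-KEY", datetime(2000, 5, 15, tzinfo=UTC))
CERT_AFTER_EXPIRY = Certification("OLD-KEY", "NEW-KEY", datetime(2000, 6, 15, tzinfo=UTC))

if __name__ == "__main__":
    print("linked (signed before expiry):", linked_successor(OLD, NEW, [CERT_BEFORE_EXPIRY]))
    print("linked (signed after expiry): ", linked_successor(OLD, NEW, [CERT_AFTER_EXPIRY]))
```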