suggestions surrounding key generating
Wed, 08 Nov 2000 13:11:42 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hi there, Frank Tobin,

On 08 November 2000, I received the following message from you regarding
"suggestions surrounding key generating"

FT> In GnuPG 1.0.4, during key generation, the question concerning key
FT> expiration defaults to no expiration. I think most users would be better
FT> served by having the default option be some expiration, possibly 1 year.
FT> Generally, new users will make fatal mistakes when generating/using their
FT> first keys, and having a reasonably short expiration could minimize the
FT> possibility of the bad effects of these keys being "forever" (e.g.,
FT> without expiration).

If you are generating keys and they are not to be sent to keyservers,
then the issue of the expiration of the keys does not matter: you
simply delete the key.

My experience with PGP in Windows leads me to believe that it's better
to have keyservers have a key on them, even if revoked. If it is
revoked, people will know that the key is not to be used, and this is
better than them having no record of a key. It is better that those
keys have no date of expiry, therefore. At present there are no
keyserver facilities in GnuPG for Windows, so the issue does not arise
(keys are sent to keyservers via PGP).

There is just one area where it could be advantageous to have a time
limited key: when digital signing of documents prepared on a
particular date is required. In order to ensure that the signature is
correct, you will need to verify that signature at any time, so this
is perhaps not a good idea.

And what happens if somebody totally new to PGP/GnuPG generates a key
with a date limit, encrypts a message/document with that key, then
cannot decrypt it because of the date limit?

Graham reply to: firstname.lastname@example.org
Please PGP/GnuPG sign mail for verification and encrypt for internet security
Please use my PGP Key ID: 0x99DB10BD or my GnuPG Key ID: EB389C4E
Written on 08 November 2000 12:59:09
-----BEGIN PGP SIGNATURE-----
Comment: GnuPG with WinPT v0.0.2 (WIN98)
-----END PGP SIGNATURE-----