expire function

Michael Kirchner michael at hirnreck.de
Mon Dec 20 15:43:01 CET 2004

Hi David,

David Shaw wrote:
> The main problem is one of convenience.  If you have gathered a number
> of signatures on your key, you have to get them over again with a new
> key.  Since you say you are using it mainly for private communication,
> perhaps this reason does not apply to you.

Yes, there are only very few signatures on my key.

> Note that signing the new key with the old one doesn't do anything in
> the web of trust: expired keys are not counted.

This was the information I was missing. Is this badly documented or did
I have chicken-sandwich on my eyes when I read the manuals about public
key infrastructure?

> A reasonable solution for the desire to have expiring keys, plus the
> desire to have one well-known key to sign is to use subkeys and have
> the subkeys expire.  That is what I do.

OK, thanks, I will look into that.

                          Michael Thomas Kirchner

More information about the Gnupg-users mailing list