"valid from" date?
Olaf Gellert
og at pre-secure.de
Thu Jun 29 16:02:55 CEST 2006
Jørgen Lysdal wrote:
> 2006/6/28, Werner Koch <wk at gnupg.org>:
>> I can see no reason for using a valid from key. Simply create it when
>> you need it.
I can imagine that it makes sense for a key with
no subkeys. You can already collect signatures
before you actually use the key.
In the case of subkeys that seems to be not
necessary.
> For me, creating a key is a one-time-thing, why not add some subs from
> the start, so I don't have to mess with it later?
Well, producing cryptographic material years ahead does
not really sound like a very good idea. The used algorithms
may have already proven to be insecure by the time the
key gets valid. And advances in hardware technology and
cryptographic attacks may enable an attacker to spend plenty
of time on hacking your key in advance.
These issues might render the key useless before the "start
from" date is actually reached.
So it's the usual trade off between convenience and
security...
Cheers, Olaf
--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE og at pre-secure.de
A daily view on Internet Attacks
https://www.ecsirt.net/sensornet