Best practice for periodic key change?

Werner Koch wk at
Thu May 5 17:30:18 CEST 2011

On Thu,  5 May 2011 17:07, mailinglisten at said:

> Are there people who check the subkey IDs of old and new signatures, get
> confused by a change despite gpg saying it's all right (which IMHO demands
> they have not understood the concept of subkeys)?

No, they are confused that I signed a tarball with an expired key.  Well,
expired according to their old copy of the key.

> BTW: Would it be a good idea for gpg to suggest that the user check for an
> updated version of the key (or do it automatically before if configured to do
> so) if it finds an expired subkey? This would probably not work with the GUIs

Not for GPG but for the MUA they use.  It could be part of the error
message the MUA displays if no key or only an expired key was found.
For example a button "refresh key and retry".  It's all in GPGME.



Thoughts are free.  Exceptions are regulated by a federal law.
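
The "refresh key and retry" flow suggested in the reply above, as an added example that is not part of the original message and is not GnuPG or GPGME code. It drives the gpg command line through `--status-fd` instead of GPGME; the key ID, user ID, file names and sample status lines are constructed placeholders.

```python
import subprocess

REFRESHABLE = {"EXPKEYSIG", "NO_PUBKEY"}   # a newer key copy may fix these
FATAL = {"BADSIG", "REVKEYSIG"}            # never retried into success

def parse_status(output):
    """Split `gpg --status-fd` output into (keyword, args) pairs."""
    return [(p[1], p[2:]) for p in (l.split() for l in output.splitlines())
            if len(p) >= 2 and p[0] == "[GNUPG:]"]

def is_good(events):
    words = {k for k, _ in events}
    return "GOODSIG" in words and not words & (FATAL | REFRESHABLE)

def key_to_refresh(events):
    """Key ID worth fetching, or None when a refresh cannot help."""
    if any(k in FATAL for k, _ in events):
        return None
    for keyword, args in events:
        if keyword in REFRESHABLE and args:
            return args[0]
    return None

def run_gpg(args):
    """Run gpg with machine-readable status lines on stdout."""
    cmd = ["gpg", "--batch", "--status-fd", "1", *args]
    return subprocess.run(cmd, capture_output=True, text=True).stdout

def verify_with_refresh(sig, data, run=run_gpg):
    """Verify; on an expired or missing key, fetch it once and retry."""
    events = parse_status(run(["--verify", sig, data]))
    if is_good(events):
        return "good"
    keyid = key_to_refresh(events)
    if keyid is None:
        return "bad"
    run(["--recv-keys", keyid])   # pulls the updated expiry from the keyserver
    events = parse_status(run(["--verify", sig, data]))
    return "good after refresh" if is_good(events) else "bad"

# Constructed status output (placeholder key ID and user ID), not a real capture.
STALE = "[GNUPG:] KEYEXPIRED 1300000000\n[GNUPG:] EXPKEYSIG 0123456789ABCDEF Example Signer\n"
FRESH = "[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer\n"

def demo():
    """Replay the stale-then-fresh sequence with a fake runner (no gpg needed)."""
    replies = iter([STALE, "", FRESH])
    return verify_with_refresh("x.sig", "x.tar", run=lambda args: next(replies))
```

A bad or revoked-key signature is reported as "bad" without any refresh, so the retry can only turn a stale-key result into a good one.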

More information about the Gnupg-users mailing list