Best practice for periodic key change?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri May 6 17:05:56 CEST 2011
On 05/06/2011 03:47 AM, Doug Barton wrote:
> There's also another element, the expiration date is irrelevant if the
> key is actually compromised. If Eve has your secret key she can simply
> update or remove the expiration date, and upload the new version of the
> public key to the public keyservers. So, I remain confused as to what
> purpose expiration dates on the keys will serve.
This is a critical observation.
Expiration dates are safeguards against a key becoming inaccessible to
the legitimate keyholder -- not against compromise.
There are other safeguards against keys becoming inaccessible, including
a safely-stored revocation certificate.
Expiration dates have the advantage over revocation certificates that
you do not need to keep track of anything or maintain safe and secure
longterm storage.
A safely-stored revocation certificate *also* protects against key
compromise, though, so you really ought to have one anyway. Consider
the expiration date as a safeguard against simultaneous loss (not
compromise) of the key and loss of the revocation certificate.
--dkg
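As an added example (not from dkg's post, and not GnuPG's own code), the script below exercises both points in this exchange against a throwaway keyring: whoever holds the secret key can push the expiration date out, or drop it entirely, with one command (Doug's observation), while a revocation certificate stored at key-creation time ends the key regardless of what the expiry says (dkg's). It assumes GnuPG 2.2 or later for the --quick-* commands and the automatic openpgp-revocs.d/ certificate; the user id and the 1y/2y intervals are invented for the demonstration.

```shell
#!/bin/sh
# Added example for the expiry-vs-revocation discussion; not code from the list
# post or from the GnuPG project. Assumes GnuPG >= 2.2. The user id below is a
# constructed test identity; every run uses a fresh, disposable GNUPGHOME.
set -eu

UID_STR="Example Key <example@example.invalid>"   # constructed, not a real person

# Unattended gpg: --batch plus loopback pinentry and an empty passphrase means no
# prompts. gpg's progress chatter is sent to /dev/null; drop that to debug.
gpgq() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@" 2>/dev/null
}

# Create a certify-only primary key that expires in one year; print its fingerprint
# (field 10 of the 'fpr' record in --with-colons output).
gen_key() {
    gpgq --quick-generate-key "$UID_STR" ed25519 cert 1y || return 1
    gpgq --with-colons --list-keys "$UID_STR" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Expiration of the primary key as a Unix timestamp (field 7 of 'pub'); empty = never.
expiry_of() {
    gpgq --with-colons --list-keys "$1" | awk -F: '$1 == "pub" { print $7; exit }'
}

# Validity flag of the primary key (field 2 of 'pub'); 'r' once it is revoked.
validity_of() {
    gpgq --with-colons --list-keys "$1" | awk -F: '$1 == "pub" { print $2; exit }'
}

# Doug's point: with the secret key in hand, a new self-signature moves the
# expiry anywhere, and "0" removes it. Nothing in the expiry resists this.
set_expiry() { gpgq --quick-set-expire "$1" "$2"; }

# dkg's point: GnuPG 2.1+ writes <fingerprint>.rev into openpgp-revocs.d/ when
# the key is made; that file is what you keep in safe long-term storage. It is
# armoured with a leading ':' so it cannot be imported by accident; strip the
# colon and import it, and the key is revoked no matter what the expiry says.
revoke_from_stored_cert() {
    sed 's/^:-----BEGIN/-----BEGIN/' "$GNUPGHOME/openpgp-revocs.d/$1.rev" | gpgq --import
}

# Run the whole scenario in a fresh keyring; returns 0 only if every step behaved.
demo() {
    GNUPGHOME="$(mktemp -d)"; export GNUPGHOME
    fpr=$(gen_key) || return 1
    e1=$(expiry_of "$fpr")                      # one year out
    set_expiry "$fpr" 2y || return 1
    e2=$(expiry_of "$fpr")                      # now two years out: later than e1
    set_expiry "$fpr" 0 || return 1
    e3=$(expiry_of "$fpr")                      # empty: no expiration at all
    revoke_from_stored_cert "$fpr" || return 1
    v=$(validity_of "$fpr")                     # 'r': revoked, expiry or not
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
    [ -n "$e1" ] && [ "$e2" -gt "$e1" ] && [ -z "$e3" ] && [ "$v" = "r" ]
}

if demo; then
    echo "ok: the expiry is whatever the secret-key holder says; the stored revocation certificate is final"
else
    echo "scenario failed (is gpg >= 2.2 installed?)" >&2
fi
```

The contrast to notice is that the expiry is just another self-signature the key holder can replace, which is why it only helps when the key (and the revocation certificate) are lost rather than stolen; the .rev file is the thing that still works against an attacker who has the secret key, so it is the one to copy off-machine before the key sees any use.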