Best practice for periodic key change?
Hauke Laging
mailinglisten at hauke-laging.de
Fri May 6 17:34:22 CEST 2011
On Friday, 6 May 2011, 09:47:57, Doug Barton wrote:
> There's also another element, the expiration date is irrelevant if the
> key is actually compromised. If Eve has your secret key she can simply
> update or remove the expiration date, and upload the new version of the
> public key to the public keyservers.
That's not correct for subkeys and offline mainkeys, as the good guys do it.
I admit that a subkey expiration date does not make much sense for
low-security mainkeys, but it is quite useful for more secure environments.
Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
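
The two cases in this exchange can be reproduced with throwaway keys. The script below is an added example, not part of the original message; it assumes GnuPG 2.1.22 or later, and the user ID, the homedir names and the `g`, `sub_expiry` and `demo` helpers are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added demo. Assumes GnuPG >= 2.1.22; user ID and homedirs are constructed.

# Run gpg unattended against one homedir, with an empty passphrase.
g() {
  local home=$1; shift
  gpg --homedir "$home" --batch --quiet --no-tty \
      --pinentry-mode loopback --passphrase '' "$@"
}

# Expiry timestamp (colon-format field 7) of the first subkey.
sub_expiry() {
  g "$1" --with-colons --list-keys "$2" | awk -F: '$1=="sub"{print $7; exit}'
}

demo() {
  local work offline daily uid fpr before daily_after offline_after h
  work=$(mktemp -d) || return 1
  offline=$work/offline; daily=$work/daily
  mkdir -m 700 "$offline" "$daily"
  uid='Demo User <demo@example.invalid>'

  # Offline machine: certify-only main key plus a signing subkey valid 1 year.
  g "$offline" --quick-generate-key "$uid" ed25519 cert never 2>/dev/null
  fpr=$(g "$offline" --with-colons --list-keys "$uid" |
        awk -F: '$1=="fpr"{print $10; exit}')
  g "$offline" --quick-add-key "$fpr" ed25519 sign 1y 2>/dev/null

  # Everyday machine: gets the secret subkey only, never the main secret key.
  g "$offline" --export-secret-subkeys "$fpr" | g "$daily" --import 2>/dev/null
  before=$(sub_expiry "$daily" "$fpr")

  # Whoever holds only the everyday keyring cannot re-sign the subkey binding.
  g "$daily" --quick-set-expire "$fpr" 5y '*' 2>/dev/null || true
  daily_after=$(sub_expiry "$daily" "$fpr")

  # Whoever holds the main secret key can (the case in the quoted text).
  g "$offline" --quick-set-expire "$fpr" 5y '*' 2>/dev/null
  offline_after=$(sub_expiry "$offline" "$fpr")

  for h in "$offline" "$daily"; do
    gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null
  done
  rm -rf "$work"
  [ -n "$before" ] && [ "$daily_after" = "$before" ] &&
    [ "$offline_after" != "$before" ]
}
```

Calling `demo` returns 0 when the subkey expiry stayed unchanged on the subkey-only keyring and changed on the keyring that holds the main secret key.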