Best practice for periodic key change?

Hauke Laging mailinglisten at
Fri May 6 17:34:22 CEST 2011

Am Freitag, 6. Mai 2011, 09:47:57 schrieb Doug Barton:

> There's also another element, the expiration date is irrelevant if the
> key is actually compromised. If Eve has your secret key she can simply
> update or remove the expiration date, and upload the new version of the
> public key to the public keyservers.

That's not correct for subkeys and offline mainkeys as the good guys do it.

I admit that a subkey expiration date does not make much sense for low 
security mainkeys but it is quite useful for more secure environments.

PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110506/fbaf32b5/attachment.pgp>

More information about the Gnupg-users mailing list