Fwd: Re: Best practice for periodic key change?
kgo at grant-olson.net
Sun May 8 22:40:36 CEST 2011
Meant to sent on-list...
-------- Original Message --------
Subject: Re: Best practice for periodic key change?
Date: Sun, 08 May 2011 16:39:34 -0400
From: Grant Olson <kgo at grant-olson.net>
To: Ingo Klöcker <kloecker at kde.org>
On 5/6/11 3:48 PM, Ingo Klöcker wrote:
> On Thursday 05 May 2011, Hauke Laging wrote:
>> What is the difference between these two options with respect to the
>> point of confusion?
> Unless I'm missing something the difference is as follows:
> - With prolongation of the expiration time releases signed before the
> prolongation will keep having a valid signature.
> - If one creates a new subkey then releases signed with the old expired
> subkey(s) will have an invalid signature. One would have to re-sign the
> old releases with the new subkey.
The old releases won't have an invalid sig as long as the sig was made
before the expiration date. Expiring a key now doesn't invalidate a sig
made yesterday. Gpg will print out a note saying the key is expired,
but it's not as drastic as the error with a post-dated signature.
"I am gravely disappointed. Again you have made me unleash my dogs of war."
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 570 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users