Best practice for periodic key change?

Grant Olson kgo at
Fri May 6 22:54:28 CEST 2011

On 5/6/11 4:48 PM, Jerome Baum wrote:
> On Fri, May 6, 2011 at 22:37, Doug Barton <dougb at
> <mailto:dougb at>> wrote:
>     I don't understand this response. What I'm saying is that if the key
>     is compromised, expiration dates become irrelevant.
> Up to a point. If my key expired yesterday, no-one can forge a message
> with that key and claim it's from today.
> Just being nit-picky... :)

Doug is saying that if the key's been compromised, and not lost, Eve can
create a new expiration date and push that to the keyservers.


"I am gravely disappointed. Again you have made me unleash my dogs of war."

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 570 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110506/5b822762/attachment.pgp>

More information about the Gnupg-users mailing list