Best practice for periodic key change?
Grant Olson
kgo at grant-olson.net
Fri May 6 22:54:28 CEST 2011
On 5/6/11 4:48 PM, Jerome Baum wrote:
> On Fri, May 6, 2011 at 22:37, Doug Barton <dougb at dougbarton.us
> <mailto:dougb at dougbarton.us>> wrote:
>
>
> I don't understand this response. What I'm saying is that if the key
> is compromised, expiration dates become irrelevant.
>
>
> Up to a point. If my key expired yesterday, no-one can forge a message
> with that key and claim it's from today.
>
> Just being nit-picky... :)
>
Doug is saying that if the key's been compromised, and not lost, Eve can
create a new expiration date and push that to the keyservers.
--
Grant
"I am gravely disappointed. Again you have made me unleash my dogs of war."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 570 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110506/5b822762/attachment.pgp>
More information about the Gnupg-users
mailing list