Best practice for periodic key change?
dougb at dougbarton.us
Fri May 6 22:56:07 CEST 2011
On 05/06/2011 13:48, Jerome Baum wrote:
> On Fri, May 6, 2011 at 22:37, Doug Barton <dougb at dougbarton.us
> <mailto:dougb at dougbarton.us>> wrote:
> I don't understand this response. What I'm saying is that if the key
> is compromised, expiration dates become irrelevant.
> Up to a point. If my key expired yesterday, no-one can forge a message
> with that key and claim it's from today.
That's absolutely not true. New signatures can be created with expired
keys, and as Werner pointed out new signatures can be created with keys
that have had their expiration dates updated, and although a percentage
of users may inquire about it, it's usually the "know just enough to be
dangerous" contingent (I.e., those smart enough to know that the key is
expired on their key ring, but not smart enough to refresh it). There
may be a tiny percentage of users who are smart enough to do both, who
would then realize that the signature is invalid. However given that the
scenario you described (forgery, vs. key compromise) is so
overwhelmingly unlikely to happen (at least in any kind of meaningful
way) I'm not sure it's worth considering.
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
More information about the Gnupg-users