Best practice for periodic key change?
MFPA
expires2011 at ymail.com
Fri May 6 23:02:51 CEST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi
On Friday 6 May 2011 at 8:48:03 PM, in
<mid:201105062148.04108 at thufir.ingo-kloecker.de>, Ingo Klöcker wrote:
> Unless I'm missing something the difference is as
> follows: - With prolongation of the expiration time
> releases signed before the prolongation will keep
> having a valid signature. - If one creates a new subkey
> then releases signed with the old expired subkey(s)
> will have an invalid signature. One would have to
> re-sign the old releases with the new subkey.
Surely the signature on the old release would still be valid; it would
just be from a now-expired subkey instead of from the new and
currently-valid subkey. Or have I overlooked something?
- --
Best regards
MFPA mailto:expires2011 at ymail.com
Of course it's a good idea - it's mine!
-----BEGIN PGP SIGNATURE-----
iQE7BAEBCgClBQJNxGIFnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pSkUD/3SU
IPu98qzm8wAsXVjnvwkn8rZD8x3Q5V9Xre3+uV5k2G6VEwDV75NXkG65pE4Ol/+c
4Ex7+qny7QhK+8xL2xyTsZGSVGZyYgsjkKlRTw2ocD64leu15Q9+RQxdR2ummqA5
9Z8XT3CWnkjGLHIKNNgey2xX8ZsHHIOKCXqdpfXM
=A0bx
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list