Best practice for periodic key change?
expires2011 at ymail.com
Fri May 6 23:02:51 CEST 2011
-----BEGIN PGP SIGNED MESSAGE-----
On Friday 6 May 2011 at 8:48:03 PM, in
<mid:201105062148.04108 at thufir.ingo-kloecker.de>, Ingo Klöcker wrote:
> Unless I'm missing something the difference is as
> follows: - With prolongation of the expiration time
> releases signed before the prolongation will keep
> having a valid signature. - If one creates a new subkey
> then releases signed with the old expired subkey(s)
> will have an invalid signature. One would have to
> re-sign the old releases with the new subkey.
Surely the signature on the old release would still be valid; it would
just be from a now-expired subkey instead of from the new and
currently-valid subkey. Or have I overlooked something?
MFPA mailto:expires2011 at ymail.com
Of course it's a good idea - it's mine!
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users