Renewing expiring key - done correctly?
Robert J. Hansen
rjh at sixdemonbag.org
Tue Dec 3 22:02:06 CET 2013
> PRIMARY QUESTIONS - I am uncertain about the sub-key. When I
> attempt to 'expire' it the date does not seem to change.
The first question I have is, "How did you attempt to 'expire' it?"
> SECONDARY QUESTION - is there documentation regarding 'best
> practices' on managing expiring keys and renewing via sub-keys
Unfortunately, no.
There will certainly be well-meaning people who will speak up with
their own idea of what the best practices for such a thing are. I
encourage skepticism. Key management is at least 95% policy, and
policy will vary from person to person and place to place based on
each individual's perceptions of risks and risk mitigation strategies.
By all means listen to these opinions, but please be skeptical of
thinking they are correct. What makes sense for one person's risk
profile may not make sense for yours. There are very few universal
truths here, and that makes attempts at compiling best practices
extremely difficult.
More information about the Gnupg-users
mailing list