Recommended key size for life long key
Johan Wevers
johanw at vulcan.xs4all.nl
Sun Sep 1 21:45:07 CEST 2013
On 1-9-2013 14:18, Nicholas Cole wrote:
> In a more ideal world, no one would want a key to last longer than a few
> years, and replacing keys at regular intervals would be the norm.
Why? What's the advantage of that? I replace keys after I they have a
chance of being compromised, but not before. Same for my mail domain - I
created a ssh certificate that is valid for 50 years (unlimited was not
an option) and I'll replace it whan I fear intrusions or crypto
breakthroughs make it unsecure. Not before.
Your advice makes me think of company password policies where you have
to change it every month, leading to <passwordprefix>01,
<passwordprefix>02, ..., <passwordprefix>12. Complete waste of effort.
--
Met vriendelijke groet / With kind regards,
Johan Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
More information about the Gnupg-users
mailing list