Recommended key size for life long key

Johan Wevers johanw at vulcan.xs4all.nl
Sun Sep 1 21:45:07 CEST 2013


On 1-9-2013 14:18, Nicholas Cole wrote:

> In a more ideal world, no one would want a key to last longer than a few
> years, and replacing keys at regular intervals would be the norm. 

Why? What's the advantage of that? I replace keys after I they have a
chance of being compromised, but not before. Same for my mail domain - I
created a ssh certificate that is valid for 50 years (unlimited was not
an option) and I'll replace it whan I fear intrusions or crypto
breakthroughs make it unsecure. Not before.

Your advice makes me think of company password policies where you have
to change it every month, leading to <passwordprefix>01,
<passwordprefix>02, ..., <passwordprefix>12. Complete waste of effort.

-- 
Met vriendelijke groet / With kind regards,
Johan Wevers

PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html




More information about the Gnupg-users mailing list