Strange behaviour

Stephan Beck stebe at
Mon Dec 12 21:09:00 CET 2016

Peter Lebbing:
> On 12/12/16 12:38, Stephan Beck wrote:
>> You MIGHT consider having it expired as well, setting a decent expiry
>> date (maybe, expiry within 2 or 3 years).
> No, I don't think that is good advice if given without a specific reason
> to do so.

Well, the specific reason is that best practices exclude the usage of
sub keys without any expiry. See the FSFE's instructions in the known
Offline master key and multiple subkeys on smart card guide (or similar,
don't have the link right now).

> The expiry of a main key already establishes that others need to
> periodically refresh the key, which will mean changes propagate.

Expiry of a main key? The OP holds a main key without expiry date. In
such a case, I'd set an expiry date on subkeys. And I was talking about
his subkeys, because the 1024 bit subkey caught my attention.

> There are reasons to use expiries on subkeys, but it is an expert option
> and should just be left alone without a specific reason.

On the other hand, given the fact that the OP's key has additional
subkeys, he already used advanced user options.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20161212/267a86f9/attachment.sig>

More information about the Gnupg-users mailing list