gnupg-pkcs11 status & future

[Peter Lebbing]

On 26/02/16 15:18, Werner Koch wrote:
> Rotating does only make sense if you take the old key soon offline.

Why is this the case? I must admit I'm fairly comfortable not rotating
my keys (which are on OpenPGP smartcards). But I can think of lines of
reasoning where it makes sense to rotate, but still keep the old
decryption key available. Think: "There's a non-zero chance that someone
got my private key material, but at least they can only decrypt stuff
encrypted in 2011, all other years use a different key". Note in this
scenario it is nice if I can still easily access my 2011 material as well.

I'm not saying this is a solid line of reasoning. I'm just curious why
limiting access to the decryption key is the only thing that makes sense.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>