gnupg-pkcs11 status & future
Peter Lebbing
peter at digitalbrains.com
Fri Feb 26 16:02:14 CET 2016
On 26/02/16 15:18, Werner Koch wrote:
> Rotating does only make sense if you take the old key soon offline.
Why is this the case? I must admit I'm fairly comfortable not rotating
my keys (which are on OpenPGP smartcards). But I can think of lines of
reasoning where it makes sense to rotate, but still keep the old
decryption key available. Think: "There's a non-zero chance that someone
got my private key material, but at least they can only decrypt stuff
encrypted in 2011, all other years use a different key". Note in this
scenario it is nice if I can still easily access my 2011 material as well.
I'm not saying this is a solid line of reasoning. I'm just curious why
limiting access to the decryption key is the only thing that makes sense.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list