Certification-only key

Peter Lebbing peter at digitalbrains.com
Wed May 31 17:42:10 CEST 2017


On 31/05/17 14:52, Lionel Elie Mamane wrote:
> Right to be forgotten. The signatures I made a long time ago were made
> by a different person, although there is a continuity between the
> two.

Talking about not forgetting, you answered after seven years?! :-D

I don't think expiring a signing subkey will make anyone forget
anything. Keyservers are append-only, so the expired subkey stays there,
and many of your peers will also not scrub their keyrings and remove
expired subkeys. Those that do might still keep signing subkeys so they
can still now and in the future verify stuff you signed before it
expired. Expired encryption subkeys don't serve a purpose for your peers
anymore, I think, people who like cleaning up might remove those.

As far as I am aware, the only thing that happens when a signing subkey
expires, is that signatures which have an issuing time after the expiry
are flagged as BAD. All signatures made before the key expired will
still show up as valid signatures by you and your certificate.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170531/b1b23bb5/attachment.sig>


More information about the Gnupg-users mailing list