Subkeys renewing/expiring strategy

Teemu Likonen tlikonen at iki.fi
Thu Oct 13 15:42:04 CEST 2022


* 2022-10-11 17:23:49+0200, nect via Gnupg-users wrote:

> Since I was struggling to choose a strategy for expiring/renewing my
> subkeys [...]

We should ask: why do you want to expire (and rotate) your subkeys? Maybe
you have good reasons, but I'll remind you of the basic question: why not
use the default simple strategy?

Keep secret keys secret so there is no need to rotate (sub)keys. Subkeys
don't need an expiry date at all. The primary key should (!) have an
expiry date which is updated as needed. That's it. No?

-- 
/// Teemu Likonen - .-.. https://www.iki.fi/tlikonen/
// OpenPGP: 6965F03973F0D4CA22B9410F0F2CAE0E07608462
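
Added example, not part of the original message or of GnuPG: a shell function that audits a `gpg --with-colons` key listing against the strategy described above (the primary key carries an expiry date that gets extended, subkeys may have none). The sample listing and key IDs are constructed, `audit_expiry` and `sample_listing` are hypothetical names, and expiry fields are assumed to be epoch seconds.

```shell
#!/bin/sh
# Audit key expiry from colon-format output (field 1 = record type,
# field 5 = key ID, field 7 = expiry date, empty when the key never expires).
#
# Real use (FPR is a placeholder for your own fingerprint):
#   gpg --with-colons --list-keys FPR | audit_expiry "$(date +%s)" 30
# and, when the primary key is flagged, extend it with:
#   gpg --quick-set-expire FPR 1y

# audit_expiry NOW_EPOCH WARN_DAYS   (reads the colon listing on stdin)
audit_expiry() {
    awk -F: -v now="$1" -v warn="$2" '
        $1 == "pub" || $1 == "sub" {
            kind = ($1 == "pub") ? "primary" : "subkey"
            if ($7 == "") {
                # No expiry: accepted for subkeys, flagged on the primary key.
                status = (kind == "primary") ? "NO-EXPIRY" : "ok-no-expiry"
            } else if ($7 <= now) {
                status = "EXPIRED"
            } else {
                days = int(($7 - now) / 86400)
                if (days < warn) status = "EXTEND-SOON(" days "d)"
                else             status = "ok(" days "d)"
            }
            printf "%s %s %s\n", kind, $5, status
        }'
}

# Constructed sample: a primary key expiring at 1700000000 and an
# encryption subkey without an expiry date.
sample_listing() {
    cat <<'EOF'
pub:u:255:22:1111111111111111:1600000000:1700000000::u:::scSC:::::ed25519:::0:
sub:u:255:18:2222222222222222:1600000000::::::e:::::cv25519::
EOF
}

# Demo: "now" is ten days before the primary key expires, warn at 30 days.
sample_listing | audit_expiry 1699136000 30
```
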