Subkeys renewing/expiring strategy
tlikonen at iki.fi
Thu Oct 13 15:42:04 CEST 2022
* 2022-10-11 17:23:49+0200, nect via Gnupg-users wrote:
> Since I was struggling to choose a strategy for expiring/renewing my
> subkeys [...]
We should ask why do you want to expire (and rotate) your subkeys? Maybe
you have good reasons but I'll remind of the basic question: why not use
the default simple strategy?
Keep secret keys secret so there is no need to rotate (sub)keys. Subkeys
don't need expiry date at all. The primary key should (!) have expiry
date which is updated as needed. That's it. No?
/// Teemu Likonen - .-.. https://www.iki.fi/tlikonen/
// OpenPGP: 6965F03973F0D4CA22B9410F0F2CAE0E07608462
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 251 bytes
Desc: not available
More information about the Gnupg-users