Hi Paul,
On 2017-10-26 22:08:17, you wrote to All:
PH> How long do you suggest a key should be valid for?
That depends on your use case. ;)
I make mine valid forever. In hindsight that might not have been a good idea. I
have some keys from the early 90's that I don't remember the passwords of, that
just take up space on the keyservers, but I can't do anything with.
PH> I'm not certain, I'd set an expiry on one I created with an open end
PH> value in 2016 to 2018 y/day but now I'm wondering if that's a wise
PH> move or not?
It seems a rather short period.
PH> I say that as my limited understanding of keys so far is that they
PH> gain greater trust when signed by others but if I expire a key after
PH> only less than 12 months to go then surely I have to start all over
PH> again with getting the new one signed etc. so in my mind it's a disincentive
PH> to expire it?
If you sign your new key with the old one, there is a web of trust that goes
back to the signers of the old key. But I don't know how that works with
expired keys. There is probably less trust when there are expired keys
involved.
PH> Thoughts welcome.
Whatever period you choose, at least generate revocation certificates and keep
them in a safe place, so if you lose the passwords of your key you can still
revoke them...
And I just read that you can always extend the expiration date on an already
expired key, and send that out to the key servers. So there is no reason to not
use an expiration date on keys. I think I'm gonna set mine to 5 years...
Bye, Wilfred.
--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)