On 19.01.16 19:50, Doug Barton wrote:
> On 01/19/2016 09:16 AM, Patrick Brunschwig wrote:
>> I don't agree to your statement. If you create a key in Enigmail, it
>> is valid for 5 years by default. I consider it good practice to
>> replace a key after this period.
>
> Why?

(...)

> Meanwhile, I'm concerned that by making expiration dates not only the
> default, but the recommendation, that we're going farther down the road
> of making things more complicated than they need to be for users who are
> not advanced. I'm interested to hear your reasoning on this.

An expiry date on the key is the last resort, if you lose your secret key AND the revocation certificate. And this is often the case, as one can easily read in the archives. I was a victim of a missing backup of a Smartcard key-based myself. I was in luck, that there was an expiry date set.

So, this measure is protecting the users from themselves respectively their loose practice of key storage.

Apart from that:

- Advance in cryptography standards, e.g. new keylengths, better algorithms: Nobody would regard a 20 year old 512-bit RSA key from old PGP2.x times as adequate today. Also, a 5-7 years old 1024-bit DSA/El-Gamal should not be life-extended but replaced instead.

- Advance in cryptanalysis, e.g. broken algorithms. This is - up to now - theoretical, but nobody can know for the future.

Ludwig
