On 10/10/2013 06:32 PM, Hauke Laging wrote:
| I know of no good reason for creating a mainkey without expiration date.

I know of no good reason to use expiration dates at all. Most end users don't know how to properly refresh their key rings, so if you extend the expiration date you will simply inconvenience anyone who is trying to communicate with you via encryption, and likely generate questions about why your messages are signed with an expired key.

And what is the threat model that expirations are supposed to cover anyway? That the person loses control of the key, and any revocation certificates that they may or may not have generated? What is the practical effect to me, as someone with that key on my key ring? A responsible person who lost control of their key could still send messages to those that they correspond with and/or have signed their key saying "Hey, I'm an idiot, and I lost control of my key." But then again, such a person probably would not have lost control of the key in the first place.

So if there is actually a threat model that expiration dates on keys help with, please educate me. Otherwise can we stop recommending them? Especially to new users?

Doug
