On 10/11/2013 07:22 PM, Hauke Laging wrote:
| On Fri 11.10.2013, 19:09:19, Doug Barton wrote:
|> On 10/10/2013 06:32 PM, Hauke Laging wrote:
|>> I know of no good reason for creating a mainkey without
|>> expiration date.
|>
|> I know of no good reason to use expiration dates at all.
|>
|> Most end users don't know how to properly refresh their key
|> rings,
|
| So avoiding the "I'm an idiot" message is not a good idea but not
| teaching people simple tasks is. I beg to differ.

Twenty years of experience shows us that it's a lost cause. PGP is simply too hard for "average" computer users. Even those who use PGP, which by definition makes them "above average", commonly don't refresh their key rings. So whether either of us likes it or not, any plan that requires users to refresh their key rings for it to work is simply impractical.

... and I left out another problem with expiration dates, users that set them on their keys and are not aware that they can be extended.

Robert's right, the defaults are what the vast majority of users should use.

|> And what is the threat model that expirations are supposed to
|> cover anyway?
|
| If there is a real threat then it is probably rarely going to
| happen. But the point is: Threats are not the only argument for
| crypto recommendations.

Um, of course they are. Otherwise you're just participating in "security theater" and wasting everyone's time.

Doug

_______________________________________________
Gnupg-users mailing list
http://lists.gnupg.org/mailman/listinfo/gnupg-users
