On Thu, Apr 1, 2021 at 12:24 PM Sara Golemon <poll...@php.net> wrote:
> On Thu, Apr 1, 2021 at 11:19 AM Rowan Tommins <rowan.coll...@gmail.com>
> wrote:
>
> > On 01/04/2021 15:59, Sara Golemon wrote:
> > > On Thu, Apr 1, 2021 at 9:21 AM Bishop Bettini <bis...@php.net
> > > <mailto:bis...@php.net>> wrote:
> > >
> > >     I also added a FAQ.
> > >
> > >
> > > I disagree with the position this document takes on immortal keys. We
> > > should encourage best-practices with the knowledge that some people
> > > will weaken their security with an immortal key, not start from a weak
> > > position and suggest that adhering to best practices is "paranoid".
> >
> >
> > I've been looking around, and most of what I can find says that expiring
> > a primary key which you use directly for signing has very little value,
> > because anyone who has the private key and passphrase can change the
> > expiry date at any time. See for example:
> > https://security.stackexchange.com/q/14718/51961
> >
> > The main use case seems to be when using sub-keys, where the primary key
> > (with no expiry) is kept offline, and new sub-keys are generated from it
> > regularly (e.g. once a year) with an appropriate expiry date.
> >
> > This is based only on a few hours of searching online, however, so I'd
> > be happy to see a better explanation of how to use expiry effectively.
> >
> >
> Yeah, I just got told the same offline. That's.... depressing. Not
> surprising when one thinks about it more, but still depressing.
>

Appreciate the feedback, Sara and Rowan! I think there was still opportunity to improve that section, so I adjusted the language to be less accusatory and highlight the essential limitations.
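As an added example (not code from this thread or from the PHP project), a POSIX shell script for the layout Rowan describes: an offline primary key with no expiry whose online work is done by subkeys that are regenerated with an expiry. It assumes gpg 2.1 or later for make_rotating_layout; the function names, the key ids and the sample listing are constructed, and making the primary certify-only is my choice rather than something the thread states.

```shell
#!/bin/sh
# Audit a `gpg --with-colons --list-keys` listing against the layout above:
# a primary with no expiry is tolerated (it is supposed to live offline), but
# every subkey must carry an expiry that has not passed. In the colon format
# field 5 is the key id, field 7 the expiry epoch (empty = never) and field 12
# the capability letters. Usage: audit_key_listing NOW_EPOCH < listing
audit_key_listing() {
    awk -F: -v now="$1" '
        $1 == "pub" {
            if ($7 == "") printf "primary %s: never expires (caps %s) - keep it offline\n", $5, $12
            else printf "primary %s: expires in %d days (caps %s)\n", $5, ($7 - now) / 86400, $12
        }
        $1 == "sub" {
            if ($7 == "") { printf "subkey %s: NO EXPIRY (caps %s) - regenerate with an expiry\n", $5, $12; bad = 1 }
            else if ($7 <= now) { printf "subkey %s: EXPIRED (caps %s) - cut a fresh subkey from the offline primary\n", $5, $12; bad = 1 }
            else printf "subkey %s: expires in %d days (caps %s)\n", $5, ($7 - now) / 86400, $12
        }
        END { exit bad + 0 }
    '
}

# Constructed sample listing (hypothetical key ids): a certify-only primary
# with no expiry, a signing subkey valid for one year from creation, and an
# encryption subkey that was created without any expiry.
SAMPLE_LISTING='pub:u:255:22:0123456789ABCDEF:1617280000::u:::cESC:::::ed25519:::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1617280000::0000::Example Dev <dev@example.org>::::::::::0:
sub:u:255:22:1111111111111111:1617280000:1648816000:::::s:::::ed25519::
sub:u:255:18:2222222222222222:1617280000::::::e:::::cv25519::'

# Builds the recommended layout in a throwaway GnuPG home directory: a
# certify-only primary that never expires plus signing and encryption subkeys
# that expire after one year. Re-run the two --quick-add-key lines on the
# offline machine each year to rotate, and carry only the exported subkey file
# to the online machine. Needs gpg; not invoked by this script.
make_rotating_layout() {
    homedir=$1; uid=$2
    g() { gpg --homedir "$homedir" --batch --pinentry-mode loopback --passphrase '' "$@"; }
    g --quick-generate-key "$uid" ed25519 cert never
    fpr=$(g --with-colons --list-keys | awk -F: '$1 == "fpr" { print $10; exit }')
    g --quick-add-key "$fpr" ed25519 sign 1y
    g --quick-add-key "$fpr" cv25519 encr 1y
    g --export-secret-subkeys "$fpr" > "$homedir/online-subkeys.gpg"
}

# Audit the constructed sample against the current clock.
printf '%s\n' "$SAMPLE_LISTING" | audit_key_listing "$(date +%s)" || echo "policy violations found"
```

Run audit_key_listing against `gpg --with-colons --list-keys` output on the online machine to catch subkeys that were never given an expiry or that have lapsed without rotation.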