PGP bet practices when key expires?
Alex Pennace
alex at pennace.org
Sun Sep 3 10:38:19 EDT 2006
On Fri, Sep 01, 2006 at 11:13:22AM -0400, V. Alex Brennen wrote:
> Yes. However, it would have been best practice to generate a new key
> pair before the old key pair expired. Then, to use the old key pair
> to sign the new key pair there by linking it into the web of trust.
>
> After doing that, you could have mailed all of the people who signed
> your old key in the past requesting that they sign the new key. Upon
> receiving a note with a signature from a key that they explicitly trust,
> or with a signature from a key signed by a key that they explicitly
> trust, they should be willing to trust the new key enough to sign it.
>
> There is nothing inherently wrong with extending the key's expiration
> date. But, I think that before some one does that they should
> themselves - "What has changed about the threat model that I now trust
> this key to be valid for a longer period of time than I did when I first
> generated it?" Historically, cryptographic algorithms, protocols, and
> systems have always gotten easier to break over time.
>
> Additionally, it's beneficial to change keys every few years because
> if a key is ever compromised only the signatures for a limited amount
> of time are compromised. The compromise is limited to the amount of
> time that you had used that specific compromised key, rather than
> every signature that you've ever made.
[snip]
Interesting thoughts. But another group of GnuPG gurus
(<http://keyring.debian.org/replacing_keys.html>) suggests simply
updating the original key. Are they right, wrong, or just different?
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the Discuss
mailing list