[ale] PGP Subkey Expiration
- Subject: [ale] PGP Subkey Expiration
- From: jeremy.bouse at undergrid.net (Jeremy T. Bouse)
- Date: Sun, 01 Feb 2009 20:48:54 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
My policy is to go the route of option #3... I issue new subkeys
according to my published key policy [1] with an expiration of usually
24 months, never more than 30. I issue the new subkeys before the old
ones expire and get them out to the key servers. After I've given time
for the new subkeys to get out I then send out the revocation certs for
the subkeys.

I've run into issues before with odd behavior with expired keys that
haven't been revoked causing false positive alerts.

Regards,
Jeremy

[1] http://undergrid.net/legal/gpg

Andrew Grieser wrote:
> I have a pgp/gpg subkey that is about to expire (the encryption subkey is expiring, not the master signing key), and was wondering which action to take:
>
> 1) Extend expiration date
> 2) Let encryption subkey expire and generate a new encryption subkey
> 3) Let encryption subkey expire AND revoke it, and generate a new encryption subkey
>
> Just wondering what normal practice was on this. The reason I initially put an expiration date on the subkey was in case I ever lost the keys and/or paranoia.
>
> Andrew
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iF0EARECAB0FAkmGUP4WGGhrcDovL3N1YmtleXMucGdwLm5ldAAKCRCagQNPdb5V
OdEVAKDjdurCWIXC40SXA906Edcryh6yigCfQX5i9jfv907aafTXklzf24g5yUI=
=lkTw
-----END PGP SIGNATURE-----
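
The rotation discussed in this thread (new subkey issued before the old one expires, old one revoked afterwards) can be audited from GnuPG's colon-delimited key listing. The script below is an added example, not part of the original message: it flags subkeys that are expired but not revoked, subkeys nearing expiry, and the absence of a successor encryption subkey. The function names, the 90-day warning window, the sample key IDs and dates, and the assumption that expiry fields are epoch seconds are all choices made for this illustration.

```shell
#!/bin/sh
# Classify subkeys from `gpg --list-keys --with-colons <key>` read on stdin.
# Colon fields used: 1=record type, 2=validity (r=revoked, e=expired),
# 5=key ID, 7=expiry (assumed epoch seconds; empty = never), 12=capabilities.
audit_subkeys() {   # usage: audit_subkeys NOW_EPOCH WARN_DAYS
    awk -F: -v now="$1" -v warn="$2" '
    $1 == "sub" {
        expiry = $7
        if ($2 == "r")
            st = "revoked"
        else if ($2 == "e" || (expiry != "" && expiry + 0 <= now + 0))
            st = "expired-not-revoked"
        else if (expiry != "" && expiry - now <= warn * 86400)
            st = "rotate-soon"
        else
            st = "ok"
        # A successor is an encryption subkey valid beyond the warning window.
        if (st == "ok" && $12 ~ /e/) successor = 1
        print $5, $12, st
    }
    END { if (!successor) print "WARNING no-successor-encryption-subkey" }'
}

# Constructed listing (made-up key IDs and dates), not output from a real key.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAAA:1104537600:::u:::scSC:
uid:u::::1104537600::::Example User <user@example.org>:
sub:r:2048:1:1111111111111111:1104537600:1167609600:::::e:
sub:e:2048:1:2222222222222222:1167609600:1230768000:::::e:
sub:u:2048:1:3333333333333333:1170000000:1235000000:::::e:
sub:u:2048:1:4444444444444444:1233000000:1296000000:::::e:
EOF
}

# "Now" fixed at 2009-02-01 00:00 UTC so the result is reproducible.
sample_listing | audit_subkeys 1233446400 90
```

Against a real keyring, pipe `gpg --list-keys --with-colons KEYID` into `audit_subkeys "$(date +%s)" 90`.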