
BLU Discuss list archive


PGP best practices when key expires?

On Fri, Sep 01, 2006 at 11:13:22AM -0400, V. Alex Brennen wrote:
> Yes.  However, it would have been best practice to generate a new key 
> pair before the old key pair expired.  Then, to use the old key pair
> to sign the new key pair thereby linking it into the web of trust.
> After doing that, you could have mailed all of the people who signed 
> your old key in the past requesting that they sign the new key.  Upon
> receiving a note with a signature from a key that they explicitly trust,
> or with a signature from a key signed by a key that they explicitly 
> trust, they should be willing to trust the new key enough to sign it.
> There is nothing inherently wrong with extending the key's expiration
> date. But, I think that before someone does that they should ask
> themselves - "What has changed about the threat model that I now trust
> this key to be valid for a longer period of time than I did when I first
> generated it?"  Historically, cryptographic algorithms, protocols, and 
> systems have always gotten easier to break over time. 
> Additionally, it's beneficial to change keys every few years because
> if a key is ever compromised only the signatures for a limited amount
> of time are compromised.  The compromise is limited to the amount of
> time that you had used that specific compromised key, rather than
> every signature that you've ever made.

Interesting thoughts. But another group of GnuPG gurus
(<>) suggests simply
updating the original key. Are they right, wrong, or just different?

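The two approaches discussed in this thread (certifying a new key with the old one before it expires, and extending the existing key's expiration), shown as an added example that is not part of either message. It assumes a recent GnuPG 2.x on the PATH; the user IDs and the temporary keyring are constructed for the demo.

```shell
#!/bin/sh
# Added example: both ways of handling an expiring key, on throwaway keys.
# User IDs and the temporary keyring are constructed for the demo.
set -eu

G() { gpg --batch --yes --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# Create an unprotected test key and print its fingerprint.
gen_key() {  # $1 = user ID, $2 = expiry such as 1y
  G --quick-generate-key "$1" default default "$2" >/dev/null
  G --with-colons --list-keys "=$1" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Expiry of the primary key in epoch seconds (field 7 of the pub record).
expiry_of() {
  G --with-colons --list-keys "$1" | awk -F: '$1 == "pub" { print $7; exit }'
}

# Approach 1: certify the new key with the old one while the old is still valid.
sign_new_with_old() {  # $1 = old fingerprint, $2 = new fingerprint
  G --local-user "$1" --quick-sign-key "$2" >/dev/null
}

# Succeeds if key $2 carries a good ("!") certification made by key $1.
has_good_sig_from() {
  id=$(printf %s "$1" | cut -c25-40)  # long key ID = last 16 hex digits
  G --with-colons --check-sigs "$2" |
    awk -F: -v id="$id" '$1 == "sig" && $2 == "!" && $5 == id { ok = 1 }
                         END { exit !ok }'
}

# Approach 2: keep the key and move the primary key's expiry date.
extend_expiry() {  # $1 = fingerprint, $2 = new expiry such as 3y
  G --quick-set-expire "$1" "$2" >/dev/null
}

demo() {
  GNUPGHOME=$(mktemp -d); export GNUPGHOME
  trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT
  old=$(gen_key 'Alice Example (old key) <alice@example.invalid>' 1y)
  new=$(gen_key 'Alice Example (new key) <alice@example.invalid>' 2y)
  sign_new_with_old "$old" "$new"
  has_good_sig_from "$old" "$new" && echo "new key certified by old key"
  before=$(expiry_of "$old"); extend_expiry "$old" 3y
  echo "old key expiry: $before -> $(expiry_of "$old")"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh script.sh demo`; nothing touches your real keyring because `GNUPGHOME` points at a temporary directory that is deleted on exit.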

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
