[Discuss] Expired gpg key

[invalid at pizzashack.org (Derek Martin)]

On Fri, Oct 04, 2013 at 04:09:33AM -0400, John Abreau wrote:
> > On Thu, Oct 03, 2013 at 05:02:57AM -0400, John Abreau wrote:
> >> It should be noted that if the key is expired, then most likely all
> >> previous signatures on it are almost certainly also expired.
> > 
> > Signatures don't expire, though the keys used to sign them might...
> > but this may not be interesting depending on how you--and the people
> > you communicate with--manage your keys.  See below.
> 
> I had an expired key a number of years ago that I edited with gnupg
> to extend the expiration date, and when I listed the key afterward,
> *all* the signatures on the key were listed as having expired on the
> original expiration date of my key.  Was that just a bug in the way
> gnupg implements its -- list-keys option?

Actually I'm wrong...  You can see the expiration dates of your key's
signatures by running:

  gpg --list-sigs --list-option show-sig-expire ...

OK, so the reason I've never seen this is something I mentioned in my
previous e-mail:  My signing key never expires.  By default, PGP/GPG
will set the expiration of signatures on your keys to the date of your
signing key expiration.

Incidentally, here's a blog post from someone who advocates that same
key management policy, with his reasonings:

  http://madduck.net/blog/2006.06.20:expiring-gpg/


-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.