GPG keys management

William Muriithi william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Aug 14 12:26:59 UTC 2012


Hi,

I came across this statement from Linux journal.

Quote:
I used to use only non-aging keys but have become convinced that the
pros of expiration dates outweigh the cons. Therefore, I recommend
that you set your key to expire after no more than 18 or 24 months.
For me, one year is too short (tempis fugit!), but I doubt that a key
much older than a year and a half or two years can stand up to the
inevitable advances in computing power and/or factoring technology
(i.e., public-key cracking methods) that will have occurred over its
lifetime.
End Quote:

http://www.linuxjournal.com/article/4892

My question, lets say I have a key that I have managed to get 100s of
people to sign and in the course of doing so developed an extensive
web of trust, does it make sense to dump it every two years and start
over again? In another word, would you agree with above?

Regards,

William
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list