GPG keys management

Christopher Browne cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Aug 14 15:54:00 UTC 2012


On Tue, Aug 14, 2012 at 8:26 AM, William Muriithi
<william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> Hi,
>
> I came across this statement from Linux journal.
>
> Quote:
> I used to use only non-aging keys but have become convinced that the
> pros of expiration dates outweigh the cons. Therefore, I recommend
> that you set your key to expire after no more than 18 or 24 months.
> For me, one year is too short (tempus fugit!), but I doubt that a key
> much older than a year and a half or two years can stand up to the
> inevitable advances in computing power and/or factoring technology
> (i.e., public-key cracking methods) that will have occurred over its
> lifetime.
> End Quote:
>
> http://www.linuxjournal.com/article/4892
>
> My question, let's say I have a key that I have managed to get 100s of
> people to sign and in the course of doing so developed an extensive
> web of trust, does it make sense to dump it every two years and start
> over again? In other words, would you agree with the above?

For the cases where I have developed *purposeful* webs of trust, it's
fine to re-exchange keys every couple of years.  The practical case
for that about which I have Truly Cared has been in dealing with
escrow services, and it's not overly troublesome to rebuild "the web"
periodically.  (Well, it *is* troublesome, as such vendors seem
exceedingly procedurally-bound, and not in ways that involve them
seeming to much understand cryptography or WOT.  But it's not
troublesome in any way in which initial setup isn't.)

The notion of using broad WOT has never really taken off.  On any
given technical mailing list, I find it reasonably likely that I can
expect to see *a* participant who signs all of his messages, and
there's just enough interest in such that any time a new mail client
comes along, someone builds an add-on to make it possible to GPG-sign
their messages.  But the notion of people generally checking
signatures just doesn't happen.  As a consequence, the "value" of that
is more of being a hobbyist who's keen on having hundreds of members
of their WOT to prove that they can, as opposed to it being really
useful.

The one place where signatures get used more broadly is by signers of
Debian packages.  And there, there is a sufficiently giant set of
developers that it's needful to have policies to cope with key expiry,
and hence, for them, while too-rapid expiry might be bad, periodic
expiry is a protection against keys getting cracked, and is somewhat
more a feature than a bug.

Note that it's NOT forcibly the case that all keys need to get dumped
each time and re-negotiated from scratch.  It's absolutely reasonable
for me to use a new key to sign all the keys I have come to trust, and
people *do* get into policies of accepting replacement keys when
signed by the previously trusted key.
-- 
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
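As an added example, not part of the thread and not the list's or any project's code, the script below walks through the key-transition practice described in the reply above: the old key certifies the replacement key, so anyone who trusted the old key has a signed statement linking it to the new one, and the replacement carries an expiry in the 18 to 24 month range from the quoted article that is extended rather than left to lapse. It assumes GnuPG 2.1 or newer on PATH; the names, addresses, the throwaway keyring and the empty passphrase are constructed for the demo only.

```shell
#!/bin/sh
# Added example: rotate a GPG key while preserving continuity of trust.
# The old key certifies the new one, the new key gets an expiry, and the
# expiry is later pushed out with --quick-set-expire. Everything happens in
# a temporary keyring that is removed on exit. Requires GnuPG >= 2.1.
set -eu

export GNUPGHOME="$(mktemp -d)"
chmod 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT

# Non-interactive gpg with an empty passphrase (demo only; real keys get one).
gpgb() {
  gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' "$@"
}

# make_key NAME EMAIL EXPIRY -> prints the fingerprint of the generated key.
# EXPIRY uses gpg's own syntax, e.g. 18m for eighteen months.
make_key() {
  gpgb --quick-generate-key "$1 <$2>" default default "$3" 2>/dev/null || return 1
  gpg --batch --with-colons --with-fingerprint --list-keys "$2" \
    | awk -F: '$1=="fpr"{print $10; exit}'
}

# key_expiry_epoch FPR -> expiry of the primary key in seconds since the epoch.
key_expiry_epoch() {
  gpg --batch --with-colons --list-keys "$1" | awk -F: '$1=="pub"{print $7; exit}'
}

# extend_expiry FPR EXPIRY -> move the primary key's expiry out (e.g. 24m).
extend_expiry() {
  gpgb --quick-set-expire "$1" "$2" 2>/dev/null
}

# certify_with OLD_FPR NEW_FPR -> the old key signs the new key's user IDs.
certify_with() {
  gpgb -u "$1" --quick-sign-key "$2" 2>/dev/null
}

# has_continuity_sig NEW_FPR OLD_FPR -> succeeds when NEW carries a
# certification made by OLD (field 5 of a "sig" record is the signer key ID).
has_continuity_sig() {
  old_kid=$(printf '%s' "$2" | tail -c 16)
  gpg --batch --with-colons --list-sigs "$1" \
    | awk -F: -v kid="$old_kid" '$1=="sig" && $5==kid {found=1} END {exit !found}'
}

# Constructed identities: the key being retired and its replacement.
OLD_FPR=$(make_key "Old Identity" "old@example.invalid" 18m)
NEW_FPR=$(make_key "New Identity" "new@example.invalid" 18m)

# Continuity: the trusted old key vouches for the new one.
certify_with "$OLD_FPR" "$NEW_FPR"

# Expiry management: extend instead of letting the key lapse.
NEW_EXPIRY_BEFORE=$(key_expiry_epoch "$NEW_FPR")
extend_expiry "$NEW_FPR" 24m
NEW_EXPIRY_AFTER=$(key_expiry_epoch "$NEW_FPR")

echo "old key $OLD_FPR certifies new key $NEW_FPR"
echo "new key expiry moved from $NEW_EXPIRY_BEFORE to $NEW_EXPIRY_AFTER"
```

The certification is one-directional: the old key signs the new one, not the reverse, which is what lets a correspondent who already trusts the old key accept the replacement without a fresh in-person exchange. In practice the new key is also published on the keyservers and the old one is eventually revoked once the transition is complete.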