On Thursday, 5 May 2011, 11:19:30, Werner Koch wrote:
> A period key change is problematic because it confuses those who want to
> verify the signatures.
>
> BTW, the prolongation of the expiration time has shown (by means of a
> lot of complaining mails) that many folks don't refresh the key from time
> to time with the goal to retrieve revocation certificates.

What is the difference between these two options with respect to the point of confusion? In my understanding people either refresh their keys often enough or not. If they do so then they have either old subkeys with renewed expiration date or completely new subkeys. In both cases they should not notice the update; the verification result is the same.

Are there people who check the subkey IDs of old and new signatures, get confused by a change despite gpg saying it's all right (which IMHO demands they have not understood the concept of subkeys)?

BTW: Would it be a good idea for gpg to suggest the user to check for an updated version of the key (or do it automatically before if configured to do so) if it finds an expired subkey? This would probably not work with the GUIs though (but might make the GUI developers offer a similar feature).

Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users