Meant to send on-list...

-------- Original Message --------
Subject: Re: Best practice for periodic key change?
Date: Sun, 08 May 2011 16:39:34 -0400
From: Grant Olson <k...@grant-olson.net>
To: Ingo Klöcker <kloec...@kde.org>

On 5/6/11 3:48 PM, Ingo Klöcker wrote:
> On Thursday 05 May 2011, Hauke Laging wrote:
>> What is the difference between these two options with respect to the
>> point of confusion?
>
> Unless I'm missing something the difference is as follows:
> - With prolongation of the expiration time releases signed before the
> prolongation will keep having a valid signature.
> - If one creates a new subkey then releases signed with the old expired
> subkey(s) will have an invalid signature. One would have to re-sign the
> old releases with the new subkey.
>

Nope. The old releases won't have an invalid sig as long as the sig was made before the expiration date. Expiring a key now doesn't invalidate a sig made yesterday.

Gpg will print out a note saying the key is expired, but it's not as drastic as the error with a post-dated signature.

--
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users