Hi, Am 29.01.2013 04:37, schrieb Gaetan Bisson: > Dave's answer certainly misses the real question of why Thorsten would > want an expiration date on his GPG key,
Because its good and common practice. There are several reasons for this, one of which is a compromise. When you got compromised and lose your revocation certificate, too, the key will expire at some point in time. I'm not sure about GPG, but in case of X.509 it also helps to keep the certificate revocations lists (CRL) short, as certificates, which are expired anyway, don't have to be listed here explicitly. When doing everything right, this kind of issues shouldn't happen, as you would update the involved keys (and packages) early enough. Obviously we are all just humans and tend to forget about these things, especially when they work just flawlessly for a reasonable amount of time ;). Best regards, Karol Babioch
signature.asc
Description: OpenPGP digital signature
