Hi! Anders Breindahl schrieb: > So please restate that -- > even in the face of quantum computers -- we won't ever factor 256 bit > numbers. Apart from the fact that 256bit is about symmetric keys (a 256bit number would be factored quite easily -- that's why we have 4096 bit RSA keys), possible advances in cryptology are nothing that would require key lifetimes. Once you do not feel comfortable enough with your current keylength anymore, you can simply revoke the key manually. Actually, predicting possible advances in fields like quantum computing is very hard, so it would be far easier to follow the news on this topic rather than decide *today* when your current key might become insecure (to make a sensible decision about the expiry-date). Consequently, your choice would have to be over-conservative (which is not necessarily a bad thing).
Key expiry, to my understanding, is more of an automatic fallback mechanism to limit the possible damage/inconvenience in the case that you cannot take care of revoking the key yourself. This does very well justify the short lifetimes that we see on keys today. cu, Sven _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
