Robert J. Hansen wrote:
>> One more thing: the key expiry. Do you think that setting the expiry
>> date after a year or two is a good choice? Or is it better not to set an
>> expiry date and revoke the key when necessary?
>
> For most personal/home users, expiration is not necessary.

We might want to qualify that statement somewhat:

Specifying key expiry if you are concerned with *cryptanalytical advances* is usually not necessary/sensible for a personal user, as said user is normally not concerned with cryptanalysis. Even if s/he was, making predictions whether the optimal key expiry period should be a month, six months, one year or longer is hard/impossible.

Key expiry has another valuable function, however, that may serve well for personal users (in fact, IMHO particularly well exactly for those users): It serves as a sort of "automatic revocation" that even works when you have lost access to your secret key / passphrase / revocation certificate. If you have ensured that you can revoke your key under all circumstances, you might go without key expiry.

For this purpose, something from six months to one year seems reasonable to me.

Note in particular that the expiry date may be modified later on by editing the key. This does not invalidate the key or any signatures by third parties. Therefore, if your key reaches expiry, just add another year and re-distribute it to the keyservers. It is not necessary to create a wholly new key.

cu, Sven