On 1-9-2013 14:18, Nicholas Cole wrote:

> In a more ideal world, no one would want a key to last longer than a few
> years, and replacing keys at regular intervals would be the norm.

Why? What's the advantage of that? I replace keys after they have a chance of being compromised, but not before. Same for my mail domain - I created an ssh certificate that is valid for 50 years (unlimited was not an option) and I'll replace it when I fear intrusions or crypto breakthroughs make it insecure. Not before.

Your advice makes me think of company password policies where you have to change it every month, leading to <passwordprefix>01, <passwordprefix>02, ..., <passwordprefix>12. Complete waste of effort.

--
Met vriendelijke groet / With kind regards,
Johan Wevers

PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html