On Thu, Apr 1, 2021 at 11:19 AM Rowan Tommins <rowan.coll...@gmail.com>
wrote:

> On 01/04/2021 15:59, Sara Golemon wrote:
> > On Thu, Apr 1, 2021 at 9:21 AM Bishop Bettini <bis...@php.net
> > <mailto:bis...@php.net>> wrote:
> >
> >     I also added a FAQ.
> >
> >
> > I disagree with the position this document takes on immortal keys.  We
> > should encourage best-practices with the knowledge that some people
> > will weaken their security with an immortal key, not start from a weak
> > position and suggest that adhering to best practices is "paranoid".
>
>
> I've been looking around, and most of what I can find says that expiring
> a primary key which you use directly for signing has very little value,
> because anyone who has the private key and passphrase can change the
> expiry date at any time.  See for example:
> https://security.stackexchange.com/q/14718/51961
>
> The main use case seems to be when using sub-keys, where the primary key
> (with no expiry) is kept offline, and new sub-keys are generated from it
> regularly (e.g. once a year) with an appropriate expiry date.
>
> This is based only on a few hours of searching online, however, so I'd
> be happy to see a better explanation of how to use expiry effectively.
>
>
Yeah, I just got told the same offline.  That's.... depressing.  Not
surprising when one thinks about it more, but still depressing.

-Sara
