> I have read what everybody has said on the subject and one
> thing needs to be said again. THE DEFAULT EXPIRE FOR A NEW
> KEY NEEDS TO BE FOR TWO YEARS FROM DATE OF KEY CREATION!

That's making some really big assumptions about the security policy of the person making the key. There are also a lot of perfectly good alternatives which should perhaps be excluded first.

Also, a two-year expiration date will do very little to help people who forget their passphrases within a few weeks of creating keys. Once you remember the passphrase for a few weeks, it'll be in your head forever.

> For that matter, I think the pressure to shove their keys
> on to key-servers immediately just needs to be dropped.

A key which cannot be found is a liability, not an asset. The keyservers exist to be used.

> Increasing computing power alone has made such things as
> DES almost laughable now. Keys shouldn't be made with the
> idea that they can last forever.

There are two responses to this, both of which are factually accurate:

1. We are unlikely to ever be able to brute-force a 256-bit keyspace. Ever. Not until computers are made of something other than matter, occupy something other than space, run on something other than energy, according to rules other than physics.

2. This is a reason to advocate forethought when generating keys, not a reason to advocate just one method of solving the problem.