On Aug 27, 2009, at 6:03 PM, Joseph Oreste Bruni wrote:

Would it be considered a best practice to rotate encryption subkeys on an annual basis, or would that be considered overkill for most uses?

It depends on what you're trying to do. :)

I realize that messages are encrypted using ephemeral session keys which in turn are encrypted with public keys. Considering the small amount of data (i.e. session keys) being encrypted using public keys, are ciphertext attacks really even feasible?

Not really, no. I wouldn't rotate encryption keys for that reason, but there are other reasons that might be more useful for you. For example, if, when you make a new subkey, you also destroy the old one, you give yourself forward security. All messages that were encrypted to the earlier key cannot be decrypted by anyone (including you). At an extreme, you could use a new encryption subkey per-message (something which the keyserver operators would no doubt be thrilled about). This is not generally useful, though, as most people do want the ability to go back and review their old messages.

Incidentally, there have been proposals to add forward security extensions to OpenPGP. See http://www.apache-ssl.org/openpgp-pfs.txt

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
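
Added example, not part of the original message or of GnuPG: a small Python audit that reads a `gpg --list-secret-keys --with-colons` listing and reports, for each encryption subkey, whether it is the current one, overdue for rotation, or a superseded subkey whose secret half is still present (so mail encrypted to it remains decryptable) versus destroyed. The sample listing, key IDs, status names and the 365-day threshold are constructed for illustration; it assumes the usual colon-format layout (field 2 validity, field 6 creation time, field 12 capabilities, field 15 `#` for a secret-key stub).

```python
from dataclasses import dataclass

DAY = 86400

# Constructed sample in the format of `gpg --list-secret-keys --with-colons`;
# key IDs and timestamps are made up.
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1200000000:::u:::scESC:::+:
ssb:e:2048:1:BBBBBBBBBBBBBBBB:1200000000:1231536000:::::e:::#:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1231536000:1263072000:::::e:::+:
ssb:u:2048:1:DDDDDDDDDDDDDDDD:1250000000::::::e:::+:
ssb:u:2048:1:EEEEEEEEEEEEEEEE:1200000000::::::s:::+:
"""

@dataclass
class Subkey:
    keyid: str
    created: int
    usable: bool       # not expired/revoked/disabled (field 2)
    has_secret: bool   # field 15 is '#' when only a stub remains

def encryption_subkeys(listing):
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        # Subkey records only; field 12 holds the capability letters.
        if f[0] != "ssb" or len(f) < 12 or "e" not in f[11]:
            continue
        stub = len(f) > 14 and f[14] == "#"
        keys.append(Subkey(f[4], int(f[5]), f[1] not in ("e", "r", "d"), not stub))
    return sorted(keys, key=lambda k: k.created)

def audit(listing, now, max_age_days=365):
    """Map each encryption subkey ID to its rotation status."""
    keys = encryption_subkeys(listing)
    usable = [k for k in keys if k.usable]
    current = usable[-1] if usable else None
    report = {}
    for k in keys:
        if k is current:
            overdue = now - k.created > max_age_days * DAY
            report[k.keyid] = "rotate-due" if overdue else "current"
        elif k.has_secret:
            report[k.keyid] = "retained"   # old mail is still decryptable
        else:
            report[k.keyid] = "destroyed"  # forward security for its mail
    return report

if __name__ == "__main__":
    for keyid, status in audit(SAMPLE, now=1251331200).items():  # 2009-08-27 UTC
        print(keyid, status)
```

A "destroyed" result only reflects the local keyring; backups or exported copies of the old secret subkey would still allow decryption.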
