On 05/06/2011 08:34, Hauke Laging wrote:
Am Freitag, 6. Mai 2011, 09:47:57 schrieb Doug Barton:

There's also another element, the expiration date is irrelevant if the
key is actually compromised. If Eve has your secret key she can simply
update or remove the expiration date, and upload the new version of the
public key to the public keyservers.

That's not correct for subkeys and offline mainkeys as the good guys do it.

I don't understand this response. What I'm saying is that if the key is compromised, expiration dates become irrelevant. Perhaps you could expand your response a bit?

I admit that a subkey expiration date does not make much sense for low
security mainkeys but it is quite useful for more secure environments.

How so? I still haven't seen an explanation of what benefit the expiration date provides.


Doug

--

        Nothin' ever doesn't change, but nothin' changes much.
                        -- OK Go

        Breadth of IT experience, and depth of knowledge in the DNS.
        Yours for the right price.  :)  http://SupersetSolutions.com/


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to