On 09/01/2013 02:45 PM, Johan Wevers wrote:

> Why? What's the advantage of that? I replace keys after they have a
> chance of being compromised, but not before. Same for my mail domain - I
> created a ssh certificate that is valid for 50 years (unlimited was not
> an option) and I'll replace it when I fear intrusions or crypto
> breakthroughs make it unsecure. Not before.
> 

The longer a key is in use the greater the chance of compromise. Just
because you believe it has not been compromised doesn't make it so. By
regenerating keys every so often you drastically lessen the chances of a
key being compromised or of a possible compromise having as much effect
on you. There is a reason things like IPSEC keys are renegotiated after
so many minutes or after so many bytes are transmitted. :)

-- 
Larry Brower, CCNA

Fedora Ambassador - North America
Fedora Quality Assurance
lbro...@fedoraproject.org
http://www.fedoraproject.org/


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
