On 12/3/2013 7:53 PM, Hauke Laging wrote:
> Sure but it makes little sense to play best practice in one part of key
> management (expiration) and simultaneously worst practice (online mainkey) in
> a much more important part of key management.

By introducing offline primary key storage on an air-gapped system, your policy has become so complicated that no one, yourself included, is capable of always following it to the letter. A system so complex it cannot be used correctly, won't be used correctly. This is why avoiding expiration dates, offline key storage, etc., often results in a stronger system: because by making it easier to use correctly you increase both the likelihood it will be used at all, and the likelihood it will be used correctly.