On 26/02/16 15:18, Werner Koch wrote:
> Rotating does only make sense if you take the old key soon offline.

Why is this the case? I must admit I'm fairly comfortable not rotating my keys (which are on OpenPGP smartcards). But I can think of lines of reasoning where it makes sense to rotate, but still keep the old decryption key available. Think: "There's a non-zero chance that someone got my private key material, but at least they can only decrypt stuff encrypted in 2011; all other years use a different key." Note that in this scenario it is nice if I can still easily access my 2011 material as well.

I'm not saying this is a solid line of reasoning. I'm just curious why limiting access to the decryption key is the only thing that makes sense.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users