Viktor Dick:
> In this case, I think you have got a point. I think the gnupg default of
> 'expires: never' is not the best solution, since people who just try it
> out might end up with a public key published to keyservers where they
> have lost the private key. [...]
> But I still think it might be
> better to set a default expiry of, let's say, 1 year and two months for
> the primary key and one year for the subkeys.

o IMHO, users of the terminal gpg program should be well aware of the
  existence of expiration of a key, because they were asked for it
  during key generation.
o "People who just try it [gpg] out" should (and most likely will) not
  use the terminal interface.
o "People who just try it [gpg] out" should use Enigmail or another GUI.

And when using Enigmail, the expiry default is 5y, a revocation
certificate is generated by default so that the user can revoke the key
if s/he lost the passphrase/secret key. Also, the user is advised to make
a copy to an external medium (CD/USB) or print it out.
It is already 'fail safe' so to say.

~flapflap

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users