On 17/08/16 17:03, Gabriel Philippe wrote:
> On Wed, Aug 17, 2016 at 5:43 PM, Andrew Gallagher <andr...@andrewg.com> wrote:
>> On 17/08/16 16:36, Gabriel Philippe wrote:
>>>
>>> Set an expiration date on your key one year from now. Every 6 months,
>>> postpone this expiration date by 6 more months. It's too late for
>>> these people, but in the future, under the same conditions, others won't
>>> have a false sense of security when writing to you: if they keep using
>>> the wrong key, they will get a warning.
>>
>> Computers were invented to liberate us from such drudgery.
>
> I know several people for whom you can find public keys on keyservers
> with no expiration date, who have lost the private key. A long time ago,
> just testing PGP, disk crash with no backup... Sometimes they are still
> using the same e-mail address.
/me raises his hand guiltily

My only hope is that someday 1024-bit DSA keys will be generally deprecated...

> Maybe software creating keys should impose expiration dates, unless
> in export modes.

Yes, absolutely. And it should also be made much clearer that expiration dates can be extended indefinitely. I threw away two perfectly good primary keys before I learned this handy fact.

> Maybe software using keys should automatically
> postpone expiration dates and re-export the keys...

No, because you misplacing your private key and me failing to download your revocation are different problems, with different burdens of responsibility and different urgencies. A weekly or even daily keyring refresh could be considered prudent - but weekly key expirations would be extreme.

To use the DNS analogy again, "TTL" and "expiry" are different numbers. One is a cache refresh schedule and one is a cache invalidation schedule. Not the same thing at all.

> But computers
> can't do everything. People have to learn and understand some basics,
> and practice.

The entire point of civilisation is that you don't need to know everything. Sure, computer geeks should know these things. But your granny should never need to know what goes on under the hood of her software, any more than she needs to know how to refine diesel or bump a Yale lock. If you make the barriers to entry too high, people just won't bother.

A
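The routine Gabriel describes (an expiry about a year out, pushed forward by six months well before it lapses) is easy to automate against the machine-readable key listing. The script below is an added example, not code from this thread or from GnuPG: it parses the `gpg --with-colons --list-keys` format (field 6 of a `pub:` record is the creation time, field 7 the expiry, both in epoch seconds on current GnuPG; the following `fpr:` record carries the fingerprint in field 10), flags keys that are expired, expiring within an assumed 90-day window, or have no expiry at all, and emits the real `gpg --quick-set-expire FINGERPRINT 6m` command that postpones the expiry. The sample listing is constructed for the example; the 90-day threshold and the 1y/6m values are assumptions, and the thread's point that a key with no expiry gives correspondents no warning when the private key is lost is why the no-expiry case is flagged too.

```python
"""Flag OpenPGP primary keys whose expiry needs attention and print the
gpg command that postpones it.

Added example for the thread, not GnuPG's own code.  Parses the
`gpg --with-colons --list-keys` format; policy values are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

WARN_DAYS = 90        # assumed policy: extend when this close to expiry
EXTEND_BY = "6m"      # postpone an existing expiry by six months
INITIAL_EXPIRY = "1y" # first expiry for a key that never had one


@dataclass
class KeyInfo:
    fingerprint: str
    keyid: str
    bits: int
    algo: int
    created: int               # epoch seconds
    expires: Optional[int]     # epoch seconds, None if the key never expires
    uid: str = ""


def _parse_time(field: str) -> Optional[int]:
    """gpg prints epoch seconds; older releases printed YYYY-MM-DD. Empty = none."""
    if not field:
        return None
    if "-" in field:
        dt = datetime.strptime(field, "%Y-%m-%d").replace(tzinfo=timezone.utc)
        return int(dt.timestamp())
    return int(field)


def parse_colon_listing(text: str) -> list[KeyInfo]:
    """Build one KeyInfo per primary key from --with-colons output."""
    keys: list[KeyInfo] = []
    current: Optional[KeyInfo] = None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            # pub:validity:bits:algo:keyid:created:expires:...
            current = KeyInfo(fingerprint="", keyid=f[4], bits=int(f[2]),
                              algo=int(f[3]), created=_parse_time(f[5]) or 0,
                              expires=_parse_time(f[6]))
            keys.append(current)
        elif f[0] == "fpr" and current is not None and not current.fingerprint:
            current.fingerprint = f[9]       # first fpr after pub: the primary
        elif f[0] == "uid" and current is not None and not current.uid:
            current.uid = f[9]               # first user id is enough here
    return keys


def plan_expiry_maintenance(keys: list[KeyInfo], now: int,
                            warn_days: int = WARN_DAYS):
    """Return (fingerprint, status, command-or-None) for every primary key.

    Extending an already expired key is allowed by gpg as long as the
    secret key is available, so expired keys get a command as well.
    """
    plan = []
    for k in keys:
        cmd: Optional[str] = f"gpg --quick-set-expire {k.fingerprint} {EXTEND_BY}"
        if k.expires is None:
            status = "no-expiry"
            cmd = f"gpg --quick-set-expire {k.fingerprint} {INITIAL_EXPIRY}"
        elif k.expires <= now:
            status = "expired"
        elif k.expires - now < warn_days * 86400:
            status = "expiring-soon"
        else:
            status = "ok"
            cmd = None
        plan.append((k.fingerprint, status, cmd))
    return plan


# Constructed sample listing (not real keys), in the --with-colons format.
SAMPLE_LISTING = """\
tru::1:1720000000:0:3:1:5
pub:u:3072:1:0123456789ABCDEF:1690000000:1721536000::u:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1690000000::0000000000000000000000000000000000000001::Alice Example <alice@example.org>::::::::::0:
sub:u:3072:1:FEDCBA9876543210:1690000000:1721536000:::::e::::::23:
pub:-:1024:17:DEADBEEF00000000:1050000000:::-:::scESC::::::23::0:
fpr:::::::::DEADBEEF00000000DEADBEEF00000000DEADBEEF:
uid:-::::1050000000::0000000000000000000000000000000000000002::Old DSA Key <old@example.org>::::::::::0:
pub:e:2048:1:CAFEBABE01234567:1600000000:1700000000::-:::scESC::::::23::0:
fpr:::::::::CAFEBABE01234567CAFEBABE01234567CAFEBABE:
uid:e::::1600000000::0000000000000000000000000000000000000003::Expired Person <expired@example.org>::::::::::0:
pub:u:255:22:0011223344556677:1710000000:1760000000::u:::scESC::::::23::0:
fpr:::::::::00112233445566770011223344556677A0B1C2D3:
uid:u::::1710000000::0000000000000000000000000000000000000004::Fresh Key <fresh@example.org>::::::::::0:
"""

if __name__ == "__main__":
    for fpr, status, cmd in plan_expiry_maintenance(
            parse_colon_listing(SAMPLE_LISTING), now=1720000000):
        print(f"{fpr}  {status:14s}  {cmd or ''}")
```

Run against a live keyring with `gpg --with-colons --list-secret-keys` piped into `parse_colon_listing`, since only keys whose secret part you hold can be extended. `--quick-set-expire` with just a fingerprint changes the primary key's expiry; subkey fingerprints can be appended as further arguments when they should move too, and the refreshed public key still has to be re-exported to the keyservers, which is a separate step.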
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users