On 12/12/2018 21:43, Wiktor Kwapisiewicz wrote:
>> Should I issue and publish a revocation certificate? Will this cause
>> problems considering that I'm still using the same master key?
>
> I don't think revocation is necessary if the private subkeys are still safe.

Yes, they are still safe. On thinking about it, issuing a revocation certificate could be overkill. It might even cause more confusion than it is meant to solve.

> It may be just inconvenient for people that want to contact you / verify your
> signatures to see your subkeys expired and when they "gpg --refresh-keys" (as
> they always do) your key would still be expired with no apparent way of
> proceeding. If I saw something like that I'd think the key is abandoned.

Indeed, so would I. But then there's also a pretty good chance that the same person might write to me and ask, "Hey, what's up with your OpenPGP keys?" Then I could explain and point them to the right place. Or, by then, my website or my email signature might have enough information to point them in the right direction before it even becomes an issue.

> If you had HTTPS on your site I'd recommend Web Key Directory as this
> downloads keys from your site *and* refreshes expired keys from your site too
> automatically.

I am coincidentally currently in the process of provisioning an Apache server with HTTPS/443 enabled. Not even HTTP/80 will be open, so HTTP to HTTPS redirection won't be implemented either.

I've looked up Web Key Directory and had a quick browse, and this is exactly the kind of thing I need. Thank you!!

Kind regards,
Andrew

--
EB28 0338 28B7 19DA DAB0 B193 D21D 996E 883B E5B9
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users