On Thursday, 13 October 2022 15:42:04, Teemu Likonen wrote:
> * 2022-10-11 17:23:49+0200, nect via Gnupg-users wrote:
>
> > Since I was struggling to choose a strategy for expiring/renewing my
> > subkeys [...]
>
> We should ask why do you want to expire (and rotate) your subkeys?

For encryption subkeys, rotating them adds a layer of protection.
If this is worth the effort, you have to answer from your own perspective.

To give a scenario or two:
If an attacker gets access to a lot of old communication from you,
they might be able to brute force an encryption key in the future.
Or I may be forced to give out an encryption key.

Personally I have used a primary key with 10 years expiration and encryption
subkeys with 2 years. It would only be a fifth of the communication that
would be revealed. Also I could use stronger algorithms over the ten years,
so it is not just a factor of five to crack, but much more.

The effort was doable, but then again, I'm a regular crypto user and
can use the exercise. ;)

Regards
Bernhard

-- 
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users