Key Expiration - PGP


Thread: Key Expiration

  1. Key Expiration

    I am asking myself the purpose of the expiration date for a PGP key.

    In which kind of practical situation could it be
    useful/necessary/judicious to have set an expiration date?

    Is there any impact on my security to leave 'never' in the expiration
    date field of my key generation wizards?


    Thanks bunches
    Marie

  2. Re: Key Expiration

    Marie wrote:
    >
    > I am asking myself the purpose of the expiration date for a PGP key.
    >
    > In which kind of practical situation could it be
    > useful/necessary/judicious to have set an expiration date?
    >
    > Is there any impact on my security to leave 'never' in the expiration
    > date field of my key generation wizards?


    Many messages here (and on ) ask about
    revoking a public key when the owner has lost the private key or
    forgotten the passphrase. Such careless individuals should always
    set an expiration date (not more than a year, a month is better)
    when generating a new key-pair. An expired key is treated very
    much like a revoked key.

    However, a careful individual will always generate a revocation
    certificate on a floppy disc (or other remote medium) whenever
    generating a new key-pair. Then, if the private key is lost or the
    passphrase is forgotten, the public key can still be revoked. In
    this case, an expiration date might only serve to block the use of
    an old key by someone else who fails to check his or her keyring
    against key servers periodically for revoked keys.

    --

    David E. Ross


    I use Mozilla as my Web browser because I want a browser that
    complies with Web standards. See .
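
Added example, not part of either post: the reply's point about people who fail to check their keyring periodically can be turned into a routine audit. This Python sketch parses `gpg --list-keys --with-colons` output and flags keys that are revoked, expired, close to expiry, or set to never expire; it assumes the GnuPG 2.x field layout, and the sample listing, key IDs and the `audit_keyring` helper are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
# Field 2 = validity (e = expired, r = revoked), field 5 = key ID,
# field 7 = expiration in seconds since the epoch (empty = never expires).
SAMPLE = """\
pub:u:4096:1:A1A1A1A1A1A1A1A1:1577836800:::u:::scESC:
uid:u::::1577836800::::Marie (constructed) <marie@example.org>:
pub:f:4096:1:B2B2B2B2B2B2B2B2:1577836800:1893456000::-:::scESC:
uid:f::::1577836800::::Key B (constructed) <b@example.org>:
pub:e:2048:1:C3C3C3C3C3C3C3C3:1262304000:1293840000::-:::sc:
uid:e::::1262304000::::Key C (constructed) <c@example.org>:
pub:r:2048:1:D4D4D4D4D4D4D4D4:1262304000:::-:::sc:
uid:r::::1262304000::::Key D (constructed) <d@example.org>:
"""

def audit_keyring(colon_listing, now, warn_days=30):
    """Return [(key_id, user_id, status)] for every primary key in the listing."""
    results, current = [], None
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 6:
            expires = datetime.fromtimestamp(int(f[6]), timezone.utc) if f[6] else None
            if f[1] == "r":
                status = "revoked"
            elif f[1] == "e" or (expires and expires <= now):
                status = "expired"        # recomputed here, not only trusted from gpg
            elif expires is None:
                status = "no-expiry"      # only a revocation can retire this key
            elif expires - now <= timedelta(days=warn_days):
                status = "expiring-soon"
            else:
                status = "ok"
            current = [f[4], "", status]
            results.append(current)
        elif f[0] == "uid" and current and not current[1] and len(f) > 9:
            current[1] = f[9]             # first user ID listed under this key
    return [tuple(r) for r in results]

if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed date for a repeatable run
    for key_id, uid, status in audit_keyring(SAMPLE, now):
        print(f"{key_id}  {status:13}  {uid}")
```

A key reported as `no-expiry` is the case the reply describes: if its private key or passphrase is lost and no revocation certificate was saved, nothing will ever mark it unusable.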
