
Re: [Debconf-discuss] Last call for keys for keysigning in New York City, USA during DebConf10



On 07/20/2010 06:37 AM, Michael Fladerer wrote:
> Hi Lars,
>
> On Mon Jul 19, 2010 at 23:47:42 -0700, Lars Wirzenius wrote:
>> (I also hope that I've now verified that my new key is fine, except for
>> lacking an expiration date. But I hope I can fix that without generating
>> a new key.)
>
> yes, that's pretty simple:

I'd want to state here that I don't consider a key without an expiration date to be broken as such. (Nor do I consider a key *with* an expiration date to be broken.)

I don't really buy the argument that an expiration date improves security, and think that it may hurt it in some ways.

If my private key and my private key passphrase are compromised, an attacker can easily publish a key with an extended expiration date.

If they are not compromised, and I fail to notice that the key has expired, suddenly I can't make valid signatures or have others send me encrypted files until I can extend it and get the extension propagated everywhere -- a process that could take 2+ years, for people that use the debian-keyring package from stable. The web of trust could be broken or at least impaired.

I have no problem with other people setting expiration dates on their keys; that's their preference and choice. I just want to make sure my own key won't be rejected by Debian or the keysigning if it lacks an expiration date.

(Note: subkeys permit some nice things here; you can have subkeys with expiration dates, main keys without, and distribute new subkeys to your boxen once a year, having generated them a year or two in advance.)

-- John
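As an added example that is not part of this thread or of any Debian tooling: a small Python check that parses `gpg --with-colons --list-keys` output and reports keys and subkeys that have expired or are about to, which is the monitoring a keyholder needs if they adopt the expiring-subkeys layout above and want to avoid the "fail to notice that the key has expired" failure mode. The listing, key IDs and the fixed "now" timestamp are constructed placeholders so the result is reproducible offline.

```python
# Checker for gpg's machine-readable colon listing (gpg --with-colons --list-keys).
# Relevant fields: 0 = record type, 4 = key ID, 6 = expiration as seconds since
# the epoch (empty when the key never expires).

DAY = 86_400
NOW = 1_279_600_000  # fixed "now" (July 2010) so the sample is reproducible

# Constructed sample: primary key without expiry, three subkeys with expiry.
# Key IDs are placeholders, not keys belonging to anyone in the thread.
SAMPLE_LISTING = "\n".join([
    "pub:u:4096:1:0123456789ABCDEF:1246000000::u:::scESC:",
    "uid:u::::1246000000::PLACEHOLDERHASH::Example User <user@example.org>:",
    f"sub:u:4096:1:1111111111111111:1246000000:{NOW + 20 * DAY}:::::s:",
    f"sub:e:4096:1:2222222222222222:1246000000:{NOW - 5 * DAY}:::::e:",
    f"sub:u:4096:1:3333333333333333:1246000000:{NOW + 400 * DAY}:::::s:",
])


def check_expiry(listing, now=NOW, warn_days=90):
    """Return (record_type, key_id, status) for every pub/sub record.

    status is 'no-expiry', 'expired', 'expiring' (within warn_days) or 'ok'.
    """
    findings = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub"):
            continue  # uid, fpr, sig and other records carry no expiry we care about
        key_id, expires = fields[4], fields[6]
        if not expires:
            status = "no-expiry"
        else:
            remaining = int(expires) - now
            if remaining <= 0:
                status = "expired"
            elif remaining <= warn_days * DAY:
                status = "expiring"
            else:
                status = "ok"
        findings.append((fields[0], key_id, status))
    return findings


def needs_action(findings):
    """Keys whose expiry must be extended or whose replacement must be distributed."""
    return [f for f in findings if f[2] in ("expired", "expiring")]


if __name__ == "__main__":
    for record in check_expiry(SAMPLE_LISTING):
        print(*record)
```

Feed it the real listing with `subprocess.run(["gpg", "--with-colons", "--list-keys"], capture_output=True, text=True).stdout` and run it from cron well ahead of the warning window, since propagation through the keyring takes far longer than the check does.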
