[ale] PGP Subkey Expiration

Jason Fritcher jkf at wolfnet.org
Sun Feb 1 20:44:24 EST 2009


On Feb 1, 2009, at 7:09 PM, Andrew Grieser wrote:
> I have a pgp/gpg subkey that is about to expire (the encryption  
> subkey is expiring, not the master signing key), and was wondering  
> which action to take:
>
> 1) Extend expiration date
> 2) Let encryption subkey expire and generate a new encryption subkey
> 3) Let encryption subkey expire AND revoke it, and generate a new  
> encryption subkey
>
> Just wondering what normal practice was on this. The reason I  
> initially put an expiration date on the subkey was in case I ever  
> lost the keys and/or paranoia.

The last time I maintained a key with expiration dates, I let the  
original subkey expire and generated a new one. IMO, there is no need  
to revoke the previous key.

-- 
Jason Fritcher
jkf at wolfnet.org






More information about the Ale mailing list