long-term GPG signing key

Ian Brown I.Brown at cs.ucl.ac.uk
Sun Jan 15 16:25:26 EST 2006


Travis H. wrote:
> Why the heck am I expiring encryption keys each year?  Anyone who
> records the email can crack it even if the key is invalid by then. 
> All it really does is crudely limit the quantity of data sent under
> that key, which is little to none anyway.

If your threat model includes attacks on the system(s) you use to 
decrypt messages, or rubber hose/subpoena key-cracking, expiring *and 
wiping* confidentiality keys limits the time during which the keys can 
be compromised using those methods.
-- 
Blogzilla:    ---->    http://dooooooom.blogspot.com/
Say no to ID cards! http://www.pledgebank.com/refuse2


---------------------------------------------------------------------
The Cryptography Mailing List