long-term GPG signing key
Ian Brown
I.Brown at cs.ucl.ac.uk
Sun Jan 15 16:25:26 EST 2006
Travis H. wrote:
> Why the heck am I expiring encryption keys each year? Anyone who
> records the email can crack it even if the key is invalid by then.
> All it really does is crudely limit the quantity of data sent under
> that key, which is little to none anyway.
If your threat model includes attacks on the system(s) you use to
decrypt messages, or rubber hose/subpoena key-cracking, expiring *and
wiping* confidentiality keys limits the time during which the keys can
be compromised using those methods.
--
Blogzilla: ----> http://dooooooom.blogspot.com/
Say no to ID cards! http://www.pledgebank.com/refuse2
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com