On Thu, Jul 5, 2018, at 08:36 CDT, Michał Górny <mgo...@gentoo.org> wrote:
> I don't really know the original rationale for this.
>
> The NIST standard says 1-3 years. If I were to guess, I'd say 1 year
> was chosen for subkey because subkey expiring is a 'smaller' issue than
> the whole key expiring, i.e. other users see the primary key as being
> still valid.

Quoting the NIST standard in this regard is a bit silly. It recommends that the total "cryptoperiod" (this is the total time interval a single key should be actively used) of a private key for the purpose of signing shall be 1 - 3 years. (The public key for verification is unspecified.) If we would follow this to the letter, we would all have to rotate (not extend) our pgp keys after 3 years.

Can we just do something sensible here? I.e. requiring a key expiry of 2 years on any key (primary and subkeys)?

Two years is a reasonable timeframe. Everyone with an air-gapped primary key can afford the 30 minutes to update signatures *every other* year.

Best,
Matthias
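A check for the two-year policy proposed above, added here as an example that is not from the thread or from Gentoo: it parses `gpg --list-keys --with-colons` output (assumed to carry Unix-timestamp date fields, as GnuPG 2.x emits) and flags any primary key or subkey that has no expiry or expires more than two years from the check date. `check_expiry`, `SAMPLE` and `NOW` are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_DAYS = 2 * 365 + 1  # the two-year expiry proposed in the mail, leap day included

# Constructed sample of `gpg --list-keys --with-colons` output. Field 6 is the
# creation and field 7 the expiry timestamp; an empty field 7 means no expiry.
SAMPLE = """\
pub:u:4096:1:0123456789ABCDEF:1530000000:1593000000::u:::scESC::::::23::0:
fpr:::::::::AAAA0123456789ABCDEF0123456789ABCDEF0123:
uid:u::::1530000000::HASH::Example Dev <dev@example.org>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1530000000:1561536000:::::s::::::23:
sub:u:4096:1:1111222233334444:1530000000::::::e::::::23:
sub:u:4096:1:5555666677778888:1530000000:1625608000:::::a::::::23:
"""

# Constructed "current time" so the result is reproducible.
NOW = datetime.fromtimestamp(1531000000, tz=timezone.utc)


def _ts(field):
    """Colon-format timestamp field -> aware datetime, or None if empty."""
    return datetime.fromtimestamp(int(field), tz=timezone.utc) if field else None


def check_expiry(colon_output, now=NOW, max_days=MAX_DAYS):
    """Return (keyid, problem) for every pub/sub record that breaks the policy."""
    problems = []
    limit = now + timedelta(days=max_days)
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub"):
            continue
        keyid, expires = f[4], _ts(f[6])
        if expires is None:
            problems.append((keyid, "no expiry date set"))
        elif expires <= now:
            problems.append((keyid, "already expired"))
        elif expires > limit:
            problems.append((keyid, "expires more than %d days out" % max_days))
    return problems


if __name__ == "__main__":
    for keyid, problem in check_expiry(SAMPLE):
        print(keyid, problem)
```

Feeding it real output (`gpg --list-keys --with-colons | python3 check.py` with a small stdin wrapper) lets a maintainer verify primary and subkeys alike before the policy bites.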