Hi Paul,

On 2017-10-26 11:55:31, I wrote to you:

 WvV> And I just read that you can always extend the expiration date on an
 WvV> already expired key, and send that out to the key servers. So there
 WvV> is no reason to not use an expiration date on keys. I think I'm gona
 WvV> set mine to 5 years...

This explains it very well:


Use an expiration date less than two years.

People think that they don't want their keys to expire, but you actually
do. Why? Because you can always extend your expiration date, even after it
has expired! This "expiration" is actually more of a safety valve
or "dead-man switch" that will automatically trigger at some
point. If you have access to the secret key material, you can untrigger it.
The point is to setup something to disable your key in case you lose access
to it (and have no revocation certificate).

Setting an expiration date means that you will need to extend that
expiration date sometime in the future. That is a small task that you will
need to remember to do (see next item about setting a reminder).

You may think that is annoying and you don't want to deal with it, but it
is actually good to be doing this on a regular basis so you keep your
OpenPGP skills fresh. It indicates to users that the key is still active,
and that the keyholder is using it, and gives you an opportunity to review
the current state of your tools, and best practices. Also, many people will
not sign a key that has no expiration date!

Source: https://preview.tinyurl.com/y77auelm


Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815