echo: public_keys
to: Paul Hayton
from: Wilfred van Velzen
date: 2017-10-26 11:55:30
subject: Re: Key expiry

Hi Paul,

On 2017-10-26 22:08:17, you wrote to All:

 PH> How long do you suggest a key should be valid for?

That depends on your use case. ;)

I make mine valid forever. In hindsight that might not have been a good
idea. I have some keys from the early 90's that I don't remember the
passwords of, that just take up space on the keyservers, but I can't do
anything with.

 PH> I'm not certain, I'd set an expiry on one I created with an open end
 PH> value in 2016 to 2018 y/day but now I'm wondering if that's a wise
 PH> move or not?

It seems a rather short period.

 PH> I say that as my limited understanding of keys so far is that they
 PH> gain greater trust when signed by others but if I expire a key after
 PH> only less than 12 months to go then surely I have to start all over
 PH> again with getting the new one signed etc. so in my mind it's a
 PH> disincentive to expire it?

If you sign your new key with the old one, there is a web of trust that
goes back to the signers of the old key. But I don't know how that works
with expired keys. There is probably less trust when there are expired
keys involved.

 PH> Thoughts welcome.

Whatever period you choose, at least generate revocation certificates and
keep them in a safe place, so if you lose the passwords of your key you
can still revoke them...

And I just read that you can always extend the expiration date on an
already expired key, and send that out to the key servers. So there is no
reason to not use an expiration date on keys. I think I'm gonna set mine to
5 years...

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)
SEEN-BY: 154/10 203/0 229/426 240/5832 261/38 280/464 5003 292/624 854 310/31
SEEN-BY: 423/120 633/0 267 280 281 412 712/620 848 770/1 2320/100
@PATH: 280/464 712/848 633/280 267

SOURCE: echomail via fidonet.ozzmosis.com
