On Thu, Jul 5, 2018, at 08:36 CDT, Michał Górny <mgorny@g.o> wrote:

> I don't really know the original rationale for this.
>
> The NIST standard says 1-3 years. If I were to guess, I'd say 1 year
> was chosen for subkey because subkey expiring is a 'smaller' issue than
> the whole key expiring, i.e. other users see the primary key as being
> still valid.

Quoting the NIST standard in this regard is a bit silly. It recommends
that the total "cryptoperiod" (this is the total time interval a single
key should be actively used) of a private key for the purpose of signing
shall be 1-3 years. (The public key for verification is unspecified.)

If we were to follow this to the letter, we would all have to rotate (not
extend) our PGP keys after 3 years.

Can we just do something sensible here? I.e. requiring a key expiry of
2 years on any key (primary and subkeys)?

Two years is a reasonable timeframe. Everyone with an air-gapped primary
key can afford the 30 minutes to update signatures *every other* year.

Best,
Matthias
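The "2 years on any key (primary and subkeys)" rule proposed above is easy to audit mechanically. The script below is an added example, not code from this thread or from the Gentoo project: it parses the machine-readable output of `gpg --with-colons --list-keys` (where the 6th colon-separated field is the creation date and the 7th the expiry date, both as seconds since the epoch on current GnuPG, or `YYYY-MM-DD` on old versions) and flags every `pub`/`sub` record that has no expiry, a lifetime longer than two years, or an expiry already in the past. The key listing, the key IDs and the "now" timestamp are constructed sample data, not real keys.

```python
"""Audit an OpenPGP key listing against a "two years on every key" expiry policy.

Added example (not part of the mailing-list thread). Input is the colon-separated
format of `gpg --with-colons --list-keys`; only `pub` and `sub` records are examined.
"""
from datetime import datetime, timezone

# Policy proposed in the thread: no key or subkey may live longer than two years.
MAX_LIFETIME_DAYS = 2 * 365

# Constructed sample listing (fake key IDs and fingerprint):
#   - primary key created 2017-01-01, expires 2019-01-01 (2 years: compliant)
#   - signing subkey, 1-year lifetime, already expired on 2018-01-01
#   - encryption subkey with no expiry at all
#   - authentication subkey with a 5-year lifetime
SAMPLE_LISTING = """\
tru::1:1530748800:0:3:1:5
pub:u:4096:1:0123456789ABCDEF:1483228800:1546300800::u:::scESC::::::23::0:
fpr:::::::::ABCDEF0123456789ABCDEF0123456789ABCDEF01:
uid:u::::1483228800::0000000000000000000000000000000000000000::Example Developer <dev@example.org>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1483228800:1514764800:::::s::::::23:
sub:u:4096:1:1122334455667788:1483228800::::::e::::::23:
sub:u:4096:1:8899AABBCCDDEEFF:1483228800:1640995200:::::a::::::23:
"""

# Constructed "current time" for the sample: 2018-07-05 00:00 UTC, the date of the thread.
NOW = datetime.fromtimestamp(1530748800, tz=timezone.utc)


def parse_date(field):
    """Convert a gpg date field to an aware datetime; an empty field means 'no date'."""
    if not field:
        return None
    if field.isdigit():  # modern GnuPG: seconds since the epoch
        return datetime.fromtimestamp(int(field), tz=timezone.utc)
    # older GnuPG without --fixed-list-mode printed ISO dates
    return datetime.strptime(field, "%Y-%m-%d").replace(tzinfo=timezone.utc)


def check_listing(listing, now, max_days=MAX_LIFETIME_DAYS):
    """Return (keyid, kind, problem) tuples for every pub/sub record violating the policy."""
    findings = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub"):
            continue
        kind = "primary key" if fields[0] == "pub" else "subkey"
        keyid = fields[4]
        created = parse_date(fields[5])
        expires = parse_date(fields[6])
        if expires is None:
            findings.append((keyid, kind, "no expiry set"))
            continue
        lifetime = (expires - created).days
        if lifetime > max_days:
            findings.append((keyid, kind, f"lifetime {lifetime} days exceeds {max_days}"))
        if expires <= now:
            findings.append((keyid, kind, f"expired on {expires:%Y-%m-%d}"))
    return findings


if __name__ == "__main__":
    # To audit a real keyring instead of the sample, feed this function the output of:
    #   gpg --with-colons --list-keys
    # and use datetime.now(timezone.utc) as `now`.
    for keyid, kind, problem in check_listing(SAMPLE_LISTING, NOW):
        print(f"{kind} {keyid}: {problem}")
```

Note that the lifetime check compares expiry against creation, not against today: a key whose expiry has been extended several times still passes as long as each extension stays within the two-year window, which matches the "update signatures every other year" workflow for an air-gapped primary key. The primary key itself is not flagged by the sample, only the three non-compliant subkeys.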