| 1 |
On Thu, Jul 5, 2018, at 08:36 CDT, Michał Górny <mgorny@g.o> wrote: |
| 2 |
|
| 3 |
> I don't really know the original rationale for this. |
| 4 |
> |
| 5 |
> The NIST standard says 1-3 years. If I were to guess, I'd say 1 year |
| 6 |
> was chosen for subkey because subkey expiring is a 'smaller' issue than |
| 7 |
> the whole key expiring, i.e. other users see the primary key as being |
| 8 |
> still valid. |
| 9 |
|
| 10 |
Quoting the NIST standard in this regard is a bit silly. It recommends |
| 11 |
that the total "cryptoperiod" (this is the total timeinterval a single |
| 12 |
key should be actively used) of a private key for the purpose of signing |
| 13 |
shall be 1 - 3 years. (The publickey for verification is unspecified) |
| 14 |
|
| 15 |
If we would follow this to the letter, we would all have to rotate (not |
| 16 |
extend) our pgp keys after 3 years. |
| 17 |
|
| 18 |
|
| 19 |
Can we just do something sensible here? I.e. requiring a key expiry of |
| 20 |
2 years on any key (primary and subkeys)? |
| 21 |
|
| 22 |
|
| 23 |
Two years is a reasonable timeframe. Everyone with an air-gapped primary |
| 24 |
key can afford the 30 minutes to update signatures *every other* year. |
| 25 |
|
| 26 |
Best, |
| 27 |
Matthias |
Archives