1 |
On Thu, Jul 5, 2018, at 08:36 CDT, Michał Górny <mgorny@g.o> wrote: |
2 |
|
3 |
> That said, I'm open to using a different recommendation, e.g. 2 years |
4 |
> as in riseup [1]. I suppose having the same time for both primary key |
5 |
> and subkeys would make the spec simpler, and many developers are |
6 |
> mistaking expiration times (as specified now) anyway. |
7 |
> |
8 |
> [1]:https://riseup.net/en/security/message-security/openpgp/best-practices#use-an-expiration-date-less-than-two-years |
9 |
|
10 |
Make it at most 2, 3, (or as it has been so far 5) years for both |
11 |
primary and subkeys. |
12 |
|
13 |
Best, |
14 |
Matthias |