• Key expiry

    From Paul Hayton@3:770/100 to All on Mon Jul 6 10:19:18 2020
    How long do you suggest a key should be valid for?

    I'm not certain, I'd set an expiry on one I created with an open end value in 2016 to 2018 y/day but now I'm wondering if that's a wise move or not?

    I say that as my limited understanding of keys so far is that they gain
    greater trust when signed by others but if I expire a key after only less
    than 12 months to go then surely I have to start all over again with getting the new one signed etc. so in my mind it's a disincentive to expire it?

    Thoughts welcome.

    Paul

    --- Mystic BBS v1.12 A36 (Windows/32)
    * Origin: Agency BBS | telnet://agency.bbs.geek.nz (3:770/100)
  • From Paul Hayton@3:770/100 to Wilfred van Velzen on Mon Jul 6 10:19:18 2020
    On 10/26/17, Wilfred van Velzen pondered and said...

    This explains it very well:

    It does, thanks :)

    I think I will set mine 3 years into the future and then extend thereafter
    as needed.

    I also need to consider if this current key is technically strong enough now or if I should shutter it and create a new one using a stronger process and
    set that one to expire 3 years from now?

    --- Mystic BBS v1.12 A36 (Windows/32)
    * Origin: Agency BBS | telnet://agency.bbs.geek.nz (3:770/100)
  • From Paul Hayton@3:770/100 to Wilfred van Velzen on Mon Jul 6 10:19:18 2020
    On 10/26/17, Wilfred van Velzen pondered and said...

    idea. I have some keys from the early 90's that I don't remember the passwords of, that just take up space on the keyservers, but I can't do anything with.

    Same here :)

    It seems a rather short period.

    Agreed... 3 years (see my other reply) may be better

    If you sign your new key with the old one, there is a web of trust that goes back to the signers of the old key. But I don't know how that works with expired keys. There is probably less trust when there are expired keys involved.

    Had not considered that, an expired key to my mind is just that so I can't
    see why anyone would want to include it in a future key?

    Whatever period you choose, at least generate revocation certificates
    and keep them in a safe place, so if you lose the passwords of your key you can still revoke them...

    I need to learn how to do this and am not sure how to as yet, I'm using a Windows tool paired with GnuPG ... hmmm

    And I just read that you can always extend the expiration date on an already expired key, and send that out to the key servers. So there is
    no reason to not use an expiration date on keys. I think I'm gonna set
    mine to 5 years...

    Fair enough :)

    --- Mystic BBS v1.12 A36 (Windows/32)
    * Origin: Agency BBS | telnet://agency.bbs.geek.nz (3:770/100)
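
The two steps discussed in the thread (keeping a revocation certificate and later extending a key's expiry), as an added example that is not part of the original posts. It assumes the GnuPG 2.2 or later command line, works in a throwaway keyring with a constructed test identity, and the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example: throwaway keyring and a constructed identity, not a real keyring.
export GNUPGHOME="$(mktemp -d)"
chmod 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT

# gpg in unattended mode; the empty passphrase is for the test key only.
g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# Create a test key that expires one year after creation.
make_test_key() {
  g --quick-generate-key 'Test User <test@example.invalid>' default default 1y
}

# Fingerprint of the first key in the keyring (colon listing, "fpr" record, field 10).
first_fpr() {
  g --with-colons --list-keys | awk -F: '$1=="fpr"{print $10; exit}'
}

# Primary key expiry as epoch seconds (colon listing, "pub" record, field 7).
key_expiry() {
  g --with-colons --list-keys "$1" | awk -F: '$1=="pub"{print $7; exit}'
}

# GnuPG 2.1+ writes a revocation certificate here when the key is created.
# Copy it somewhere offline: it can revoke the key without the passphrase.
# GnuPG puts a ':' in front of the armor header so it is not imported by accident.
revocation_cert_path() {
  echo "$GNUPGHOME/openpgp-revocs.d/$1.rev"
}

# Move the primary key's expiry; the period counts from now. The updated
# public key then has to be exported or sent to the keyservers again.
extend_expiry() {
  g --quick-set-expire "$1" "$2"
}

make_test_key
fpr=$(first_fpr)
echo "fingerprint:       $fpr"
echo "revocation cert:   $(revocation_cert_path "$fpr")"
echo "expiry (epoch):    $(key_expiry "$fpr")"
extend_expiry "$fpr" 3y
echo "extended (epoch):  $(key_expiry "$fpr")"
```

Extending the expiry keeps the same key and fingerprint, so signatures other people have already made on it continue to apply.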