Robert L Cochran wrote: > My gpg key expired last month and I didn't notice it till today. I > used gpg --edit-key to extend the expiration date by a year, then I > sent it to one of the key servers, subkeys.pgp.net. Is this an > acceptable practice? Google searches yielded a few comments > suggesting that an expired key could be revoked and a new key > generated. I'm unsure what accepted practice is. Either is acceptable. For example, Werner Koch recently extended the expiration date of the key used to sign gpg releases: http://lists.gnupg.org/pipermail/gnupg-announce/2009q1/000282.html Anytime you have a key expiring, it is a good time to ask yourself whether it's time to create a new key or extend the life of the old one. Good reasons to create a new key include using larger key size. Good reasons to continue using your existing key include keeping the signatures on the key so that any trust you've built up by others signing your key remains. There isn't a simple, one size fits all answer to this question. :) -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ No one gets too old to learn a new way of being stupid.
Description: PGP signature