* Matthias Maier schrieb am 05.07.18 um 15:51 Uhr:
> 
> On Thu, Jul  5, 2018, at 08:36 CDT, Michał Górny <mgorny@gentoo.org> wrote:
> 
> > That said, I'm open to using a different recommendation, e.g. 2 years
> > as in riseup [1].  I suppose having the same time for both primary key
> > and subkeys would make the spec simpler, and many developers are
> > mistaking expiration times (as specified now) anyway.
> >
> > [1]:https://riseup.net/en/security/message-security/openpgp/best-practices#use-an-expiration-date-less-than-two-years
> 
> Make it at most 2, 3, (or as it has been so far 5) years for both
> primary and subkeys.

+1 for 5 years or at least 3.

Having to renew/edit the key each year seems crazy to me.

I have my primary key offline only, so renewing/editing it is a much 
more time consuming matter than if I had my primary key always with me 
which I consider a bad idea because you do not need to.


-Marc

-- 
0xCA3E7BF67F979BE5 - F7FB 78F7 7CC3 79F6 DF07
                     6E9E CA3E 7BF6 7F97 9BE5