From: Kent Fredric
To: gentoo-dev@lists.gentoo.org
Date: Tue, 19 Feb 2013 20:38:31 +1300
Subject: Re: [gentoo-dev] RFC: Gentoo GPG key policies

> The key rotation as described in RiseUp best practices should be a very
> rare occurrence. Each dev is going to run it at most once.
>

Some material I read recommended doing a key rotation every 6 months, which I did for a while until it got tiresome to perform the rotation.

I believe the rationale behind it was basically, the longer you use a key, and the more data you produce signed by a key, the more leverage an attacker has against you to compromise the key.

But I have no idea if that is really relevant or not.

-- 
Kent

perl -e "print substr( \"edrgmaM SPA NOcomil.ic\\@tfrken\", \$_ * 3, 3 ) for ( 9,8,0,7,1,6,5,4,3,2 );"

http://kent-fredric.fox.geek.nz