[19646] in cryptography@c2.net mail archive
Re: long-term GPG signing key
daemon@ATHENA.MIT.EDU (Ian Brown)
Tue Jan 17 10:21:24 2006
X-Original-To: cryptography@metzdowd.com
Date: Sun, 15 Jan 2006 21:25:26 +0000
From: Ian Brown <I.Brown@cs.ucl.ac.uk>
To: "Travis H." <solinym@gmail.com>
Cc: "Perry E. Metzger" <perry@piermont.com>,
Ian G <iang@systemics.com>, cryptography@metzdowd.com
In-Reply-To: <d4f1333a0601112248u31623f05j70cd25fd8b66b2df@mail.gmail.com>
Travis H. wrote:
> Why the heck am I expiring encryption keys each year? Anyone who
> records the email can crack it even if the key is invalid by then.
> All it really does is crudely limit the quantity of data sent under
> that key, which is little to none anyway.

If your threat model includes attacks on the system(s) you use to
decrypt messages, or rubber hose/subpoena key-cracking, expiring *and
wiping* confidentiality keys limits the time during which the keys can
be compromised using those methods.
--
Blogzilla: ----> http://dooooooom.blogspot.com/
Say no to ID cards! http://www.pledgebank.com/refuse2