Web lists-archives.com

Re: Expired GPG keys of older release

rhkramer@xxxxxxxxx writes:

> On Wednesday, June 20, 2018 10:25:25 PM Ben Finney wrote:
> > In other words: Yes, it's inconvenient, but it's because *no one can
> > know* with confidence any more whether that key has been compromised.
> Well, I should study up more on keys and expiration, but isn't the
> situation much the same before the key expires? I mean, the issuer /
> owner of the key really doesn't know whether the key has been
> compromised?

The difference is in the degree of confidence that can be expected. When
the key was created, the key's creator thereby expressed the upper bound
of duration for that confidence remaining acceptably high.

 \      “Say what you will about the Ten Commandments, you must always |
  `\         come back to the pleasant fact that there are only ten of |
_o__)                                         them.” —Henry L. Mencken |
Ben Finney