by sourpoi 3732 days ago
Regarding expiration, from the article:

  you can always extend your expiration date, even
  after it has expired! This “expiration” is actually
  more of a safety valve or “dead-man switch” that will
  automatically trigger at some point. If you have access
  to the secret key material, you can untrigger it.
...and later:

  If you forget your passphrase or if your private key is
  compromised or lost, the only hope you have is to wait
  for the key to expire (this is not a good solution), or
  to activate your revocation certificate by publishing
  it to the keyservers.
If we respect un-expiration, then expiration offers no protection at all against a compromised signing key... leaving the revocation certificate as our only hope.

Only in cases where you have both lost access to the signing key and lost confidentiality of the signing key at the same time, which seem pretty unlikely.
Wouldn't this be the case for the commonly stolen laptop where you had the only copy of your signing key?
If your key was stored with no passphrase (or you're using the agent and had signed something just that minute) and you think there's a realistic possibility the thief will do something other than wipe the laptop immediately and you have no other copy, sure, I guess. I wouldn't expect a state-like adversary that wanted to steal your signing key to use such an attack (much more visible and riskier than just taking the key and leaving the laptop). And I'd expect the kind of person who takes their keys with them on a laptop to have copies in other places.

(I mean ideally you'd always back up your keys and/or revocation certificate, but it's always a question of risk factors. Allowing "unexpiration" definitely induces some risks; the question is are they higher or lower (given the costs) than not allowing it?)

If you follow riseup.net's recommendation you'll keep your signing key backed up and offline. The only key on your laptop would be a subkey that could be revoked using the offline key or its backup.