|
|
|
|
|
|
by lmm
3732 days ago
|
|
|
If your key was stored with no passphrase (or you're using the agent and had signed something just that minute) and you think there's a realistic possibility the thief will do something other than wipe the laptop immediately and you have no other copy, sure, I guess. I wouldn't expect a state-like adversary that wanted to steal your signing key to use such an attack (much more visible and riskier than just taking the key and leaving the laptop). And I'd expect the kind of person who takes their keys with them on a laptop to have copies in other places. (I mean ideally you'd always back up your keys and/or revocation certificate, but it's always a question of risk factors. Allowing "unexpiration" definitely induces some risks; the question is are they higher or lower (given the costs) than not allowing it?) |
|
|