
Just a sample of the Echomail archive


 Message 295 
 Wilfred van Velzen to Paul Hayton 
 Re: Key expiry 
 26 Oct 17 13:14:53 
 
Hi Paul,

On 2017-10-26 11:55:31, I wrote to you:

 WvV> And I just read that you can always extend the expiration date on an
 WvV> already expired key, and send that out to the key servers. So there
 WvV> is no reason to not use an expiration date on keys. I think I'm gonna
 WvV> set mine to 5 years...

This explains it very well:


Use an expiration date less than two years.

People think that they don't want their keys to expire, but you actually do.
Why? Because you can always extend your expiration date, even after it has
expired! This "expiration" is actually more of a safety valve or "dead-man
switch" that will automatically trigger at some point. If you have access to
the secret key material, you can untrigger it. The point is to set up something
to disable your key in case you lose access to it (and have no revocation
certificate).

Setting an expiration date means that you will need to extend that expiration
date sometime in the future. That is a small task that you will need to
remember to do (see next item about setting a reminder).

You may think that is annoying and you don't want to deal with it, but it is
actually good to be doing this on a regular basis so you keep your OpenPGP
skills fresh. It indicates to users that the key is still active, and that the
keyholder is using it, and gives you an opportunity to review the current
state of your tools, and best practices. Also, many people will not sign a key
that has no expiration date!

Source: https://preview.tinyurl.com/y77auelm


Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
 * Origin: FMail development HQ (2:280/464)
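
An added example, not part of the original message: a small audit of a keyring listing that flags keys with no expiration date, keys already expired, and keys about to expire, which is the reminder the quoted advice asks for. The function names, the 30-day warning window, and the sample key IDs and timestamps are constructed for illustration; the field positions follow GnuPG's documented colon listing format.

```shell
#!/bin/sh
# Classify primary keys from `gpg --with-colons --list-keys` output by expiry.
# Colon format: field 1 = record type, field 5 = key ID,
# field 7 = expiration date in seconds since the epoch (empty = never expires).

# check_expiry NOW WARN_DAYS
# Reads a colon listing on stdin, prints "KEYID STATUS" per primary key.
check_expiry() {
    awk -F: -v now="$1" -v warn="$2" '
        $1 == "pub" {
            if ($7 == "")                      status = "NO-EXPIRY"
            else if ($7 <= now)                status = "EXPIRED"
            else if ($7 - now <= warn * 86400) status = "EXPIRING-SOON"
            else                               status = "OK"
            print $5, status
        }'
}

# Constructed sample listing (not real keys): four primary keys with
# no expiry, a past expiry, an expiry 20 days out, and one 730 days out.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:1111111111111111:1480000000:::u:::scESC:
uid:u::::1480000000::::Constructed Key One <one@example.invalid>:
pub:e:4096:1:2222222222222222:1400000000:1500000000::u:::sc:
uid:e::::1400000000::::Constructed Key Two <two@example.invalid>:
pub:u:4096:1:3333333333333333:1450000000:1510704000::u:::scESC:
uid:u::::1450000000::::Constructed Key Three <three@example.invalid>:
pub:u:4096:1:4444444444444444:1508000000:1572048000::u:::scESC:
uid:u::::1508000000::::Constructed Key Four <four@example.invalid>:
EOF
}

# Fixed "now" (2017-10-26 00:00:00 UTC) so the sample run is reproducible.
sample_listing | check_expiry 1508976000 30
```

Against a real keyring, pipe `gpg --with-colons --list-keys` into `check_expiry "$(date +%s)" 30` instead of the sample listing.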
