When testing the signature for Issue #951 I noticed that the expiry date for the master key is indefinite (this has also been mentioned in #719).
On the other hand, nearly every best practice ever written advises strongly against it and recommends expiry dates shorter than two years (see randomly picked [1]), since the validity can be extended whenever you like, even if it has already expired.
The subkeys on keybase.io already use the 2 years scheme, so there have to be some sorts of ideas on the keybase site (at least for hosted private keys) what to do with them when the time has come. I imagine keybase prompting the user to unlock the key for automated expansion of the expiry date.
Since the process of lengthening the key lives is no different for the master keys than the subkeys, I propose that the master keys follow this scheme as well.
This key expiry monitoring should be possible via CLI and GUI. Announcing the closing expiry date would also be appreciated - could be a configurable option.
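
The expiry monitoring requested above can be approximated locally from GnuPG's machine-readable listing (`gpg --list-keys --with-colons`). This is an added example, not part of the original thread and not Keybase code; the key IDs and dates are constructed sample data, and `check_expiry` is a hypothetical helper name.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the layout of `gpg --list-keys --with-colons`:
# field 1 = record type, 5 = key ID, 6 = creation time, 7 = expiry time.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1420070400:::u:::scESC:
uid:u::::1420070400::HASH::Alice (constructed) <alice@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1420070400:1483228800:::::e:
pub:u:4096:1:CCCCCCCCCCCCCCCC:1420070400:1451606400::u:::scESC:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1420070400:1514764800:::::e:
"""

def _parse_time(value):
    """GnuPG emits epoch seconds, or an ISO 8601 string YYYYMMDDTHHMMSS."""
    if "T" in value:
        parsed = datetime.strptime(value, "%Y%m%dT%H%M%S")
        return parsed.replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(value), tz=timezone.utc)

def check_expiry(colon_output, now, warn_days=30):
    """Return (key_id, kind, status) for every master key and subkey.

    status is "no-expiry", "expired", "expiring" (within warn_days) or "ok".
    """
    findings = []
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub") or len(fields) < 7:
            continue  # uid, fpr and other records carry no key expiry
        kind = "master" if fields[0] == "pub" else "subkey"
        key_id, expires = fields[4], fields[6]
        if not expires:
            status = "no-expiry"  # the situation this issue reports
        else:
            when = _parse_time(expires)
            if when <= now:
                status = "expired"
            elif when - now <= timedelta(days=warn_days):
                status = "expiring"
            else:
                status = "ok"
        findings.append((key_id, kind, status))
    return findings

if __name__ == "__main__":
    reference = datetime(2016, 12, 15, tzinfo=timezone.utc)  # constructed "now"
    for key_id, kind, status in check_expiry(SAMPLE, reference):
        print(f"{key_id} {kind:7} {status}")
```
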