keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.
900 stars 37 forks source link

Expiry Date of generated Keys by Keybase #952

Open ghost opened 10 years ago

ghost commented 10 years ago

When testing the signature for Issue #951 I noticed that the expiry date for the master key is indefinitely (this has also been mentioned in #719) On the other hand nearly every Best Practice ever written advise strongly against it and recommend expiry dates shorter than two years (see randomly picked [1]), since the validity can be extend whenever you like even if it has already expired.

The subkeys on keybase.io already use the 2 years scheme so there have to be some sorts of ideas what do do on keybase site (at least for hosted private keys) what to do with them when the time has come. I imagine keybase prompting the user to unlock the key for automated expansion of the expiry date.

Since the process of lengthening the key lives is no different for the master keys than the subkeys I propose that the master keys follow this scheme as well.

edmundlaugasson commented 5 years ago

This key expiry monitoring should be possible via CLI and GUI. Announcing the closing expiry date would be also appreciated - could be configurable option.