On 21 Apr. 2017 3:57 am, "Doug Royer" <douglasroyer@xxxxxxxxx> wrote:
On 04/20/2017 11:35 AM, Viktor Dukhovni wrote:
On Thu, Apr 20, 2017 at 07:01:05PM +0200, Jon wrote:
Only if you throw away old keys. Doctor, Doctor, it hurts when I do this. - So do not do that :-)
+ Changing the private key can mean loss of access to email
encrypted under the old key.
Again, do not throw away the old keys. An MUA should not allow a user to throw away any key needed for any message still in the store. Yep - complex.
+ Signatures stop verifying when the signature key expires,
even though they were valid at the time the email was received.
... And re-import every old key when you switch to a new MUA. Sounds like fun to enforce.
Cheers
--
Matthew Kerwin