From 1a9244dd8019d0ca17114ee48307ce542f38aca6 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Thu, 4 Nov 2021 09:32:15 +0200 Subject: Add note about revocation update benefit to key expiration Closes #18 --- sq-guide.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/sq-guide.md b/sq-guide.md index b8bd9d3..d53e6db 100644 --- a/sq-guide.md +++ b/sq-guide.md @@ -542,12 +542,18 @@ key: if the key expires, others won't use it anymore. You can extend the expiration as often as you wish, although that requires getting your update certificate to everyone who needs to use it. +Another, more subtle benefit of expiring keys is that a short +expiration time (of, say, one year) forces everyone else to refresh +their copy of your certificate. This routine means they will also get +a revocation update for the key, if there's ever a need for that. + You can also set subkeys to expire. This has the same benefits as expiring the primary key. Changing expiration times can be a chore. There's a security benefit to it, but if it's inconvenient for you, you may want to consider not -expiring keys, or only expire subkeys. +expiring keys, or only expire subkeys. Despite the benefits, it's +better to have a non-expiring key than not have a key at all. ## Generating a key -- cgit v1.2.1
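Review bot: In the added paragraph, "forces everyone else to refresh their copy of your certificate" says more than expiration delivers, and the paragraph leaves out the timing that makes the benefit concrete. Expiration only makes a stale copy unusable, so a correspondent picks up a revocation at the moment they fetch the extended certificate, which can be as late as the end of the expiration period (up to a year in the example given). I would reword it along the lines of "a short expiration time bounds how long someone can keep using an old copy of your certificate without refreshing it, and a refresh also brings in any revocation". Two smaller points in the same hunk: the closing sentence "Despite the benefits, it's better to have a non-expiring key" does not say which benefits, so "Despite the benefits of expiration" would read more clearly, and the unchanged context line "getting your update certificate to everyone" looks like a typo for "updated certificate" that could be fixed while this section is being touched.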