Jesse Keating wrote:
I've heard that a good strategy if you're going to generate a non-expiring key is to generate the revocation key at the same time, and replicate that in even more places, so in the event that you lose your private key you can revoke it instead of waiting for it to expire.
I'd say that generating a revocation cert is always the first thing to do after creating a new key, whether it expires or not. You always want to be able to revoke a key if you get into a pinch for whatever reason.
Just peruse the archives of the pgp and gnupg lists and notice how often someone shows up with the "I uploaded a key to the keyserver and now I've lost the key because {my hard drive died,my dog ate it,etc}, so how do I delete the key from the keyservers?" problem. :)
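The advice in this thread as a runnable sketch, added here and not part of the original messages: it creates a throwaway non-expiring key in an isolated keyring, writes its revocation certificate, and shows that importing the certificate elsewhere marks the key revoked. It assumes GnuPG 2.1 or later; the UID, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. The key, UID and paths below are constructed test values.

# Create a never-expiring, passphrase-less test key in keyring directory $1,
# write revoke.asc and public.asc there, and print the key fingerprint.
# (GnuPG 2.1+ also stores a certificate under openpgp-revocs.d on its own;
# this generates one explicitly so it can be copied to offline storage.)
make_key_and_revocation() {
    home=$1
    uid='Revocation Demo <demo@example.invalid>'
    GNUPGHOME="$home" gpg --batch --quiet --passphrase '' \
        --quick-gen-key "$uid" default default never >/dev/null 2>&1 || return 1
    fpr=$(GNUPGHOME="$home" gpg --batch --with-colons --list-keys "$uid" \
        | awk -F: '$1 == "fpr" { print $10; exit }')
    # --gen-revoke refuses --batch, so answer its prompts on --command-fd:
    # confirm, reason 0 (no reason specified), empty description, confirm.
    printf 'y\n0\n\ny\n' | GNUPGHOME="$home" gpg --no-tty --quiet \
        --command-fd 0 --output "$home/revoke.asc" --gen-revoke "$fpr" \
        >/dev/null 2>&1 || return 1
    GNUPGHOME="$home" gpg --batch --armor --output "$home/public.asc" \
        --export "$fpr" || return 1
    GNUPGHOME="$home" gpgconf --kill gpg-agent 2>/dev/null
    printf '%s\n' "$fpr"
}

# Import the public key and then the certificate from $1 into a second,
# empty keyring $2 (standing in for a correspondent who never had the
# private key) and print the key's validity flag; "r" means revoked.
revoked_flag_after_import() {
    src=$1
    other=$2
    GNUPGHOME="$other" gpg --batch --quiet \
        --import "$src/public.asc" "$src/revoke.asc" >/dev/null 2>&1 || return 1
    GNUPGHOME="$other" gpg --batch --with-colons --list-keys 2>/dev/null \
        | awk -F: '$1 == "pub" { print $2; exit }'
}

# Run as "sh script.sh demo" to see both steps end to end.
if [ "${1:-}" = demo ]; then
    a=$(mktemp -d) && b=$(mktemp -d) || exit 1
    echo "fingerprint: $(make_key_and_revocation "$a")"
    echo "validity after importing revoke.asc: $(revoked_flag_after_import "$a" "$b")"
    rm -rf "$a" "$b"
fi
```

Nothing in the second keyring holds the private key, which is why a stored certificate still works after the key itself is lost.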