Users are clumsy, they will lose access to their secret key material, they will
lose the revocation certificate, and if the keys do not expire, there is no way
to get rid of them.
Do not let users create keys without an expiration date unless they are in
We should explain that it is possible to renew a key, and that it is not a huge
problem to forget to renew the key in time.