Help me to import my secret key please

MFPA expires2010 at ymail.com
Mon May 17 18:47:33 CEST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Wednesday 12 May 2010 at 9:48:34 PM, in
<mid:4BEB1422.8030604 at fifthhorseman.net>, Daniel Kahn Gillmor wrote:


> On 05/12/2010 02:06 PM, MFPA wrote:
>> Although the comment could just state it was his new key from
>> dd/mm/yyyy without mentioning any other key(s).

> even this comment would be superfluous, since the key
> has a "Created on" timestamp built in.

Of course; the unnecessary comment would simply add emphasis.



> Also, his
> statement isn't really part of a person's identity,
> which makes it more dubious to put it in the User ID as
> well.

Nearly 20% of the keys in my keyring have something in the User ID
that is clearly not part of a person's identity.

What would you say was a non-dubious use of the "comment" field within
the User ID?



[...]

> Expiry dates on keys are only useful as a safeguard
> against accidental destruction of the secret key
> material, not against loss of control of the secret key
> material to a malicious party.

True. An expiry date would have been useful on the thread-starter's
key, which was lost in a system failure, but obviously not in the case
of a compromised secret key.



> This whole scenario is a good argument for what is
> already accepted best-practice: generate a
> worst-case-scenario revocation certificate immediately
> after generating your key, and store that revocation
> certificate securely in an offline place (e.g. print it
> to good paper and destroy the digital copy).  This
> means there are no extra keys to manage, and no third
> parties to rely on (unless you want to send a copy of
> your revocation certificate to a trusted friend for use
> in an emergency).

A good point, well made.


- --
Best regards

MFPA                    mailto:expires2010 at ymail.com

Dogs look up to us. Cats look down on us. Pigs treat us as equals.
-----BEGIN PGP SIGNATURE-----

iQCVAwUBS/FzM6ipC46tDG5pAQqdMgQAhS7AB64C8/fdh9LzHS0YKZGd+rByZsb/
szGM2S2LkHAHwEigzFP1lxkzOGFoBsYbWSE5U65Fbz2Yiu4F/+m4FgMgc/lqOLyR
98CNkQIGQmkFe1VwFf05vf/GN77iP6EYBQMRgrGRE+fRuYSFbbLUAJcrBmEr24ut
nWFT+18PLlQ=
=86v+
-----END PGP SIGNATURE-----



