Help me to import my secret key please
expires2010 at ymail.com
Mon May 17 18:47:33 CEST 2010
-----BEGIN PGP SIGNED MESSAGE-----
On Wednesday 12 May 2010 at 9:48:34 PM, in
<mid:4BEB1422.8030604 at fifthhorseman.net>, Daniel Kahn Gillmor wrote:
> On 05/12/2010 02:06 PM, MFPA wrote:
>> Although the comment could just state it was his new key from
>> dd/mm/yyyy without mentioning any other key(s).
> even this comment would be superfluous, since the key
> has a "Created on" timestamp built in.

Of course; the unnecessary comment would simply add emphasis.

> Also, his
> statement isn't really part of a person's identity,
> which makes it more dubious to put it in the User ID as

Nearly 20% of the keys in my keyring have something in the User ID
that is clearly not part of a person's identity.

What would you say was a non-dubious use of the "comment" field within
the User ID?

> Expiry dates on keys are only useful as a safeguard
> against accidental destruction of the secret key
> material, not against loss of control of the secret key
> material to a malicious party.

True. An expiry date would have been useful on the thread-starter's
key, which was lost in a system failure, but obviously not in the case
of a compromised secret key.

> This whole scenario is a good argument for what is
> already accepted best-practice: generate a
> worst-case-scenario revocation certificate immediately
> after generating your key, and store that revocation
> certificate securely in an offline place (e.g. print it
> to good paper and destroy the digital copy). This
> means there are no extra keys to manage, and no third
> parties to rely on (unless you want to send a copy of
> your revocation certificate to a trusted friend for use
> in an emergency).

A good point, well made.

MFPA mailto:expires2010 at ymail.com

Dogs look up to us. Cats look down on us. Pigs treat us as equals.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----