Why 2.1 is delayed for so long

Werner Koch wk at gnupg.org
Tue Sep 23 14:58:09 CEST 2014

On Tue, 23 Sep 2014 12:14, infinity0 at pwned.gg said:

> "Two subkeys are the exception" because it's not the default and
> people don't know better. If it were made the default, it would become
> the norm. What is the disadvantage to having two subkeys?

Let's first ask ourselves what is the advantage of it?  I know only one
use case for a signing subkey which is to use the primary key only on an
offline machine.

> user] to do [X]". However, if you keep making arguments like this, the
> overall effect is that a typical user has to tweak a lot of things to
> get a maximal level of security, which is not good usability-wise.

The typical user shall use the defaults.  If you don't like the
defaults, please distribute your own modified version of the software.

> Another suggestion is, a revocation certificate should be
> automatically generated when a key is generated, with clear
> instructions on the user what to do with it.

Didn't you noticed the ~/.gnupg/openpgp-revocs.d ?



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list