Why 2.1 is delayed for so long

Ximin Luo infinity0 at pwned.gg
Tue Sep 23 15:25:15 CEST 2014

On 23/09/14 13:58, Werner Koch wrote:
> On Tue, 23 Sep 2014 12:14, infinity0 at pwned.gg said:
>> "Two subkeys are the exception" because it's not the default and
>> people don't know better. If it were made the default, it would become
>> the norm. What is the disadvantage to having two subkeys?
> Let's first ask ourselves what is the advantage of it?  I know only one
> use case for a signing subkey which is to use the primary key only on an
> offline machine.

Yes, this is the use-case. It's clearer architecturally. Longer-term benefits include not accidentally using the master key for signing, for a naive program that has access to your master key. If you prefer "less keys", why not default to Certify+Sign+Authenticate? I am not sure Certify+Sign makes sense from any position.

>> user] to do [X]". However, if you keep making arguments like this, the
>> overall effect is that a typical user has to tweak a lot of things to
>> get a maximal level of security, which is not good usability-wise.
> The typical user shall use the defaults.  If you don't like the
> defaults, please distribute your own modified version of the software.

You are being hasty and this is extremely unproductive logic. We are talking about what the defaults *should be*. You know that it's extremely costly to distribute a fork; I start at a disadvantage if I want to test the validity of my ideas in the market. Your ultimatum is about as short-sighted as saying "if you don't like the laws, get out of the country".

>> Another suggestion is, a revocation certificate should be
>> automatically generated when a key is generated, with clear
>> instructions on the user what to do with it.
> Didn't you noticed the ~/.gnupg/openpgp-revocs.d ?

No, I did not. If you expect people to notice this, you should mention this when a key is generated, and also in the man page.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140923/9b428e89/attachment.sig>

More information about the Gnupg-devel mailing list