offline primary keys [was: Re: Why 2.1 is delayed for so long]

David Shaw dshaw at jabberwocky.com
Wed Sep 24 07:16:33 CEST 2014


On Sep 23, 2014, at 5:51 PM, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:

> As for Ximin's goals: I think the transition process could look like this:
> 
> 0) add a signing-capable subkey
> 1) remove signing-capability from primary key
> 2) move primary key offline

I understand the desire for steps 0 and 2, but I do not see the need for step 1. You can do 0 and 2 without doing 1.  Can you explain why you want 1?

I see actual problems for a primary key that can't issue signatures as well as certifications.

David




More information about the Gnupg-devel mailing list