offline primary keys [was: Re: Why 2.1 is delayed for so long]
David Shaw
dshaw at jabberwocky.com
Wed Sep 24 07:16:33 CEST 2014
On Sep 23, 2014, at 5:51 PM, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> As for Ximin's goals: I think the transition process could look like this:
>
> 0) add a signing-capable subkey
> 1) remove signing-capability from primary key
> 2) move primary key offline
I understand the desire for steps 0 and 2, but I do not see the need for step 1. You can do 0 and 2 without doing 1. Can you explain why you want 1?
I see actual problems for a primary key that can't issue signatures as well as certifications.
David
More information about the Gnupg-devel
mailing list