Revocation certificate creation

Olav Seyfarth olav at enigmail.net
Tue Feb 26 12:45:14 CET 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Hi Werner,

> Given that the default for smartcards is to store the backup on disk and
> ask the user to move it to a safer place, we might as well do something
> similar for revocation certificates. Comments?

my vote: yes. Non-intrusive information about what next steps should be. When
creating a key using Enigmail, it asks the user to save a rev cert. CLI should
do the same.

> Regarding a default expiration date: It may be useful if GUIs would do this
> (as long as they also offer an option to prolong the expiration).

Personally, I used to use expiration dates but found it inconvenient. On newer
keys, I rather make sure I have a rev cert in a safe place and set no expiry.
But that's a personal preference. And yes, a user really should do one or the
other at least.

Concerning expiration I vote to set to 3 years at least, but there are different
scenarios that have requirements: private messaging, company keys, ...

Olav
- -- 
The Enigmail Project - OpenPGP Email Security For Mozilla Applications
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (MingW32)
Comment: Dies ist eine elektronische Signatur - http://www.enigmail.net/
-----END PGP SIGNATURE-----