First steps with GPG, am I off to a good start?

Hauke Laging mailinglisten at hauke-laging.de
Sat Oct 12 01:10:16 CEST 2013


On Sat 12.10.2013, 00:53:30, Robin Kipp wrote:

> >   "Robin Kipp (normal security level subkeys with offline mainkey)"
> 
> This is something I'm not really sure about, for the reasons that Daniel
> pointed out in his reply - putting in such a 'dummy UID' might confuse
> someone wanting to sign my key, as it cannot be verified.

It is a very strange assumption that only such things should be certified that 
can be "verified". The certifier makes a statement. This is

a) "I have seen a passport or similar document and compared that to the person 
I met"

or

b) "The person I met has claimed that the mainkey of this certificate is used 
in a secure offline environment only"

What makes the one statement better than the other? You usually cannot prove 
that a certain person has shown you a certain passport-like document. And 
without a manual signature you cannot even prove that the person has claimed 
that a certain key belongs to him or her.

The WoT will stay close to useless if we do not get a system for certifying 
such status information. And what do you lose if someone does not certify this 
UID? Nothing. On the other hand many people who were not aware of the feature 
learn that there is something called an "offline mainkey" and thus may learn 
something very important about crypto keys.


> as I wouldn't want to sign someone else's key before
> my knowledge and understanding is more mature.

For that problem the local signature (lsign) was invented.


> As for the preferred
> keyserver, I think Daniel's comment on that makes sense. For example, I use
> eu.pool.sks-keyservers.net, which links to a pool of servers rather than
> just a single server. I'm not sure if putting in an address like that would
> make sense at all… Robin

I set eu.pool.sks-keyservers.net as the preferred keyserver for all keys which 
I create or help create. Why should that be a problem? Because we don't know 
whether some technical failure may occur?


Hauke
-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5