Docs central, with 'Email Self-Defence'
Suspekt
suspekt at gmx.de
Sun Jun 8 18:51:39 CEST 2014
Am 08.06.2014 18:28, schrieb Peter Lebbing:
> On 08/06/14 17:49, Suspekt wrote:
>> I have some links about key creation and gpg in general that I would provide of
>> course.
>
> There is a /lot/ of bad advice out there; I'd be wary of linking to it.
I understand that. But those links are out there and just by searching
on the internet you'll find a lot of some, because they seem to quite
popular on google... Maybe start a "bad practice" list? naming and shaming?
> There is no single best way, a lot of bad ways, and a lot of clashing outspoken
> opinions.
>
> In my humble opinion, the best advice is: stick to the defaults, they are there
> for a reason. Unless you have a specific threat model, in which case, good for
> you, work with that, not your gut feeling.
I really like the idea of taking the threat model approach. The problem
I see: What if I have a thread model with needs beyonds defaults? Say I
assume that someone could launch a targeted attack, where should I look
up best practices then?
I recently started to dive into gpg and find it very hard to find
reliable information between "just stick to the defaults" and "look up
rfc4880". Looking at the gnupg homepage I can choose between 1-4 howtos,
a 158 page manual, the man page, the gnu privacy handbook and the gnu FAQ.
I think that is part of the reason for many blog posts and some of the
questions on this mailinglist: based on the official documentations it's
kind of hard to do the step between "beginner" and "master of the gpg
universe".
More information about the Gnupg-users
mailing list