riseup.net OpenPGP Best Practices article

Nex6|Bill n6ghost at yahoo.com
Tue Jun 24 18:50:04 CEST 2014


I just finished reading the article. I don't know anyone who does all of those things. Most people I know
who are avid GPG users gen a key, maybe a revoke, upload it to a keyserver sometimes, and that's about it.

Using subkeys, offline keys etc. adds way more complexity to something that's arguably already complex.
Any kind of "best practice" should be simple, so that it encourages a sane baseline for people. Things like
RSA vs DSA, key size etc. should be in it, not a long doc that has you doing primary and secondary
keys....



On Tuesday, June 24, 2014 9:24 AM, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
 

>
>
>> Just for the records: _I_ do not consider the use of a 4096 bit RSA key
>> and a preference for SHA-512 a best practice.
>
>I'll go one step further: I think the article is going to do more harm
>than good.
>
>When young people ask me where to begin programming, I tell them to just
>begin.  Don't worry about whether Javascript is better than Python or C
>or anything else: just find something they think is neat and start.  The
>most important thing for them is to begin, and the second-most important
>thing is for them to finish what they begin.  Only later, once they're
>well and truly on their way, should they start worrying about technical
>details.
>
>The same applies here.  The most important thing in using GnuPG is that
>people begin using it; the second-most important thing is that they keep
>on using it.  Guides such as these may ultimately do more harm than
>good, in that they tend to lead new users into thinking they *have* to
>do all these things, daunting and maybe even scary things (and let's be
>clear: there's a lot of opaque terminology and technical jargon there!),
>in order to effectively use GnuPG.
>
>Which just isn't true.
>
>The best practice for GnuPG: --gen-key and find a plugin for your email
>client.  Everything after that needs to be relegated to an advanced
>class.  There's nothing wrong with advanced material: advanced material
>is great.  But let's not go about scaring newcomers by making them think
>they need to do and understand all of that.
>
>
>_______________________________________________
>Gnupg-users mailing list
>Gnupg-users at gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users