basic identity mgmt

Andrew Gallagher andrewg at andrewg.com
Fri Jan 15 21:21:55 CET 2016


On 15/01/16 19:33, Doug Barton wrote:
> On 01/11/2016 08:35 AM, Lachlan Gunn wrote:
>> For me it's problematic
>> because my certification key is on an offline machine, so it's
>> inconvenient to have to power it up and do a round-trip through the
>> airgap when I'm not going to propagate the signature anyway.  It's not a
>> dealbreaker but it's still a bit irritating.
> 
> This is a good example of why that method of working with your keys is
> pointlessly complicated. :)

It's complicated, but not necessarily _pointlessly_ so. Depending on
circumstances it could be considered minimally prudent. I've worked on
several projects for more than one financial institution, and airgaps
like this are considered barely sufficient for some important keys. (Of
course in such projects the idea of a certification subkey not on the
airgapped machine would be completely unacceptable...)

A
