Dashamir Hoxha dashohoxha at gmail.com
Tue Mar 22 23:10:49 CET 2016

On Tue, Mar 22, 2016 at 10:21 PM, Peter Lebbing <peter at digitalbrains.com>

> Your one month expiry thing is not well thought through. Not only will the
> owner
> need to re-sign and redistribute every damn month, but all his contacts
> will
> pretty much always need tor refresh the key before they can use it, /even/
> if
> they are currently working offline (e.g., commuting), which means they
> simply
> need to wait until they have network coverage again. The 4k RSA primary
> key with
> 3 subkeys grows by 2 kilobytes on the keyserver every single month (new
> expiry
> signatures). When, not if but when the user forgets to renew, his contacts
> have
> no other recourse than to contact the user in plain text to remind them of
> their
> forgetfulness.

You got this wrong. It does not enforce 1 month expiry. Right after
creating the key you can change its expiry to 10y, if you wish. But if you
say nothing, after 1m you will have to renew it (if you still remember the
passphrase). This is like a safety measure for people who are not familiar
with gpg.

> And why is your primary key capable of encryption? One of the reasons for
> subkeys is so you don't have to use the same key material for both
> encryption
> and signing, since this opens up some subtle points of attack that are
> easily
> avoided.

What is wrong with that? As long as there is a subkey for encryption, gpg
will use the subkey for encryption, even if the primary key is capable of

> Current GnuPG is the culmination of several decades of very hard work by
> talented people. Don't forget that when you think something isn't as you
> think
> it should be.

I did not judge the people who built GnuPG. And I know that it is easier to
criticize than to do something better. Actually my goal was not to replace
GnuPG, my goal was to make things a bit simpler (especially for beginners).
And I beleive that this can be done with a bunch of simple shell scripts.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160322/8cd47c6a/attachment.html>

More information about the Gnupg-users mailing list