Local-signing without (offline) private master key
Damien Goutte-Gattat
dgouttegattat at incenp.org
Mon Sep 12 14:16:46 CEST 2016
On 09/12/2016 11:04 AM, André Colomb wrote:
> Maybe the upcoming TOFU trust model would help my usage pattern?

I think so. Marking the binding between your correspondent's key and its
email address with a "good" TOFU policy (something that does not require
your private primary key) would be equivalent to locally signing the
key: it's a private statement (only available to yourself) that you
regard that key as valid, i.e. as belonging to the User ID it carries.

This does not prevent you from continuing to use the Web-of-Trust if
you're so inclined, as the "tofu+pgp" model allows you to use both TOFU
assertions and WoT certifications to validate a key.

If you're already using GnuPG >= 2.1.10 (with support for the TOFU
model), I would argue this is your best option.

Regards,

Damien