'sign (and cert)' or just 'cert' on a master key with subkeys

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Tue Aug 1 13:45:59 CEST 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512



On Monday 31 July 2017 at 10:11:16 PM, in
<mid:CAJ-6NAtde3Hhkzu0d-zGo0wPmyxpnNGX+fjyTBCkxwNvzMnGhA at mail.gmail.com>,
Gabriel Philippe wrote:-


> A good practice is to define close expiration dates for keys and
> subkeys, and regularly postpone them (or renew subkeys), which is only
> possible with the "master" offline key and not with the possibly
> compromised subkeys. This forces those people who never refresh keys
> to do it, or complain, or for most of them abandon PGP because they
> get painful warnings and this stupid thing does not work.

Shouldn't "auto-key-locate" in their gpg.conf take care of this?



> Furthermore, if you start sending messages signed with a new subkey,
> people who have not refreshed your key will get error messages,
> hopefully refresh the key (or complain or abandon PGP), and get both
> the revocation certificates and the new subkeys. Without even having
> to understand what happens.

Doesn't "auto-key-retrieve" in their gpg.conf take care of this?



- --
Best regards

MFPA                  <mailto:2014-667rhzu3dc-lists-groups at riseup.net>

COMMITTEE: A body that keeps minutes and wastes hours.
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----