FAQ October 2019 update
dgouttegattat at incenp.org
Wed Oct 16 00:14:36 CEST 2019
On Tue, Oct 15, 2019 at 03:17:58PM -0400, Robert J. Hansen wrote:
>... Those were the high-priority changes that needed to be made. If
>anyone has other suggestions, speak up: I'm listening. :)
A while ago (I can’t find the e-mail anymore) I suggested a few changes
that somehow didn’t find their way to the FAQ and then I forgot about
them. Allow me to submit them again.
Those changes are all related to the fact that modern (≥ 2.1) GnuPG
automatically creates a revocation certificate whenever it creates a new
key pair, and stores it in $GNUPGHOME/openpgp-revocs.d.
In section 7,17 (What’s a ‘revocation certificate’?), it’s no longer
recommended to create a revocation certificate immediately after
generating a new GnuPG certificate. Instead, this section may state that
GnuPG already creates one when creating a GnuPG certificate, and that it
can be found in $GNUPGHOME/openpgp-revocs.d.
Similarly, section 8.5 (“What should I do after making my certificate”)
should no longer say to generate a revocation certificate, but again may
indicate where to find the one automatically generated by GnuPG, and
advise to store it in a safe place.
In the same section, the subsection “How do I generate a revocation
certificate” could be moved elsewhere, as it is no longer something you
“should do after making [your] certificate”.
In section 10 (“What are some common bast practices?”), the advice
“Generate a revocation certificate and keep it safe” should be removed
and optionally replaced by “Keep your (automatically generated)
revocation certificate safe”.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 228 bytes
Desc: not available
More information about the Gnupg-users