FAQ October 2019 update

Damien Goutte-Gattat dgouttegattat at incenp.org
Wed Oct 16 00:14:36 CEST 2019


On Tue, Oct 15, 2019 at 03:17:58PM -0400, Robert J. Hansen wrote:
>... Those were the high-priority changes that needed to be made.  If
>anyone has other suggestions, speak up: I'm listening.  :)

A while ago (I can’t find the e-mail anymore) I suggested a few changes 
that somehow didn’t find their way to the FAQ and then I forgot about 
them. Allow me to submit them again.

Those changes are all related to the fact that modern (≥ 2.1) GnuPG 
automatically creates a revocation certificate whenever it creates a new 
key pair, and stores it in $GNUPGHOME/openpgp-revocs.d.

In section 7.17 (What’s a ‘revocation certificate’?), it’s no longer 
recommended to create a revocation certificate immediately after 
generating a new GnuPG certificate. Instead, this section may state that 
GnuPG already creates one when creating a GnuPG certificate, and that it 
can be found in $GNUPGHOME/openpgp-revocs.d.

Similarly, section 8.5 (“What should I do after making my certificate”) 
should no longer say to generate a revocation certificate, but again may 
indicate where to find the one automatically generated by GnuPG, and 
advise to store it in a safe place.

In the same section, the subsection “How do I generate a revocation 
certificate” could be moved elsewhere, as it is no longer something you 
“should do after making [your] certificate”.

In section 10 (“What are some common best practices?”), the advice 
“Generate a revocation certificate and keep it safe” should be removed 
and optionally replaced by “Keep your (automatically generated) 
revocation certificate safe”.


- Damien
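
An added example, not part of the message above: a shell audit of the automatically generated revocation certificates, which GnuPG (2.1 and later) stores as `<primary-key fingerprint>.rev` under `$GNUPGHOME/openpgp-revocs.d`. The function names and the sample key listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that every secret key has its auto-generated
# revocation certificate and that the file is not readable by others.

# Constructed sample of `gpg --list-secret-keys --with-colons` output
# (key IDs, fingerprints and user ID are made up).
SAMPLE_COLONS='sec:u:255:22:AAAAAAAAAAAAAAAA:1571000000:::u:::scESC:
fpr:::::::::1111111111111111111111111111111111111111:
uid:u::::1571000000::X::Alice (constructed) <alice@example.org>:
ssb:u:255:18:BBBBBBBBBBBBBBBB:1571000000::::::e:
fpr:::::::::2222222222222222222222222222222222222222:'

# Print the primary-key fingerprint of every secret key in a colon
# listing read from stdin: the first "fpr" record after each "sec"
# record. Subkey fingerprints (after "ssb") are skipped, because the
# revocation certificate is named after the primary key.
primary_fprs() {
    awk -F: '$1 == "sec" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# For each fingerprint on stdin, report the state of
# <gnupghome>/openpgp-revocs.d/<FPR>.rev as "ok", "exposed" or "missing".
audit_revocs() {
    home=$1
    while read -r fpr; do
        f="$home/openpgp-revocs.d/$fpr.rev"
        if [ ! -f "$f" ]; then
            echo "missing $fpr"
        elif [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \))" ]; then
            echo "exposed $fpr"   # readable by group or others
        else
            echo "ok $fpr"
        fi
    done
}

# Real use (requires gpg on PATH):
#   gpg --list-secret-keys --with-colons | primary_fprs \
#       | audit_revocs "${GNUPGHOME:-$HOME/.gnupg}"
```

A "missing" result is expected for keys created with GnuPG older than 2.1 or imported from elsewhere, since the certificate is only written at key generation time.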
