[cryptography] technical question about gpg on debian/sid

Jeremy Stanley fungi at yuggoth.org
Tue Oct 15 14:51:22 EDT 2013


On 2013-10-15 20:06:55 +0200 (+0200), Werner Koch wrote:
[...]
> If you want to write up something, I suggested to mention the creation
> of a revocation certificate.  Unfortunately gpg does not yet do this
> automatically.  And most important, stress the importance to somehow
> keeping the box secure so not to fall prey to the standard attacks.

Thanks! I'll make sure these recommendations find their way into the
bits on key management (I was already covering them, but I'll add
extra emphasis).

As far as configuration recommendations, they're mainly intended to
help people stuck with older releases on stable Linux distributions
mimic the defaults of more recent releases; but I also intended to
cover securely vetting access to keyserver pools (keyserver
configuration in GnuPG doesn't yet default HKPS?) and using more
verbose/detailed output (show-uid-validity, key-format 0xlong).

Most of what I'm focusing on though is key management, updating,
transition statements, procedures for large organized keysigning
parties and so on. Also documenting the ways in which our community
utilizes OpenPGP standards and further evangelizing the utility for
a web of trust among us.
-- 
{ PGP( 48F9961143495829 ); FINGER( fungi at cthulhu.yuggoth.org );
WWW( http://fungi.yuggoth.org/ ); IRC( fungi at irc.yuggoth.org#ccl );
WHOIS( STANL3-ARIN ); MUD( kinrui at katarsis.mudpy.org:6669 ); }


More information about the cryptography mailing list