1 |
On Tue, Mar 04, 2014 at 06:15:01PM +0100, Fabian Groffen wrote: |
2 |
> On 04-03-2014 09:59:10 -0600, Matthew Summers wrote: |
3 |
> > On Tue, Mar 4, 2014 at 9:02 AM, Rich Freeman <rich0@g.o> wrote: |
4 |
> > > Certainly an exhaustive set of instructions on using gpg is too much, |
5 |
> > > but can we at least get: |
6 |
> > > 1. A list of steps that can be followed to generate a key that is |
7 |
> > > useful and compliant with the policy. |
8 |
> > > 2. A command that can be supplied with a key ID and tell you if the |
9 |
> > > key complies or not. |
10 |
> > |
11 |
> > Please add some instructions/best practice policy on replacing an |
12 |
> > existing key too :-) |
13 |
> Key expiration (extending the lifetime) is one of the things I find very |
14 |
> useful and often avoids replacing keys, so I think that should be in it |
15 |
> too. |
16 |
If your existing key meets the requirements and you know it's still |
17 |
secure, then yes, you should prefer extending the lifetime. |
18 |
|
19 |
If either of those are not true, then it's time to make a new key. |
20 |
|
21 |
quantumsummers: |
22 |
what sort of policy are you looking for about replacing |
23 |
a key? |
24 |
- cross-certification between old/new keys? |
25 |
- reissue vs adjust-expiry? |
26 |
- something else? |
27 |
|
28 |
-- |
29 |
Robin Hugh Johnson |
30 |
Gentoo Linux: Developer, Infrastructure Lead |
31 |
E-Mail : robbat2@g.o |
32 |
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |