| 1 |
On Tue, Mar 04, 2014 at 06:15:01PM +0100, Fabian Groffen wrote: |
| 2 |
> On 04-03-2014 09:59:10 -0600, Matthew Summers wrote: |
| 3 |
> > On Tue, Mar 4, 2014 at 9:02 AM, Rich Freeman <rich0@g.o> wrote: |
| 4 |
> > > Certainly an exhaustive set of instructions on using gpg is too much, |
| 5 |
> > > but can we at least get: |
| 6 |
> > > 1. A list of steps that can be followed to generate a key that is |
| 7 |
> > > useful and compliant with the policy. |
| 8 |
> > > 2. A command that can be supplied with a key ID and tell you if the |
| 9 |
> > > key complies or not. |
| 10 |
> > |
| 11 |
> > Please add some instructions/best practice policy on replacing an |
| 12 |
> > existing key too :-) |
| 13 |
> Key expiration (extending the lifetime) is one of the things I find very |
| 14 |
> useful and often avoids replacing keys, so I think that should be in it |
| 15 |
> too. |
| 16 |
If your existing key meets the requirements and you know it's still |
| 17 |
secure, then yes, you should prefer extending the lifetime. |
| 18 |
|
| 19 |
If either of those are not true, then it's time to make a new key. |
| 20 |
|
| 21 |
quantumsummers: |
| 22 |
what sort of policy are you looking for about replacing |
| 23 |
a key? |
| 24 |
- cross-certification between old/new keys? |
| 25 |
- reissue vs adjust-expiry? |
| 26 |
- something else? |
| 27 |
|
| 28 |
-- |
| 29 |
Robin Hugh Johnson |
| 30 |
Gentoo Linux: Developer, Infrastructure Lead |
| 31 |
E-Mail : robbat2@g.o |
| 32 |
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |
Archives