| 1 |
commit: aa9614eda3b220f93e50817d0f6d8e81d4795020 |
| 2 |
Author: Michał Górny <mgorny <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sun Jul 8 18:18:06 2018 +0000 |
| 4 |
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Jul 29 20:07:27 2018 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/data/glep.git/commit/?id=aa9614ed |
| 7 |
|
| 8 |
glep-0063: Unify punctuation |
| 9 |
|
| 10 |
Requested-by: Ulrich Müller <ulm <AT> gentoo.org> |
| 11 |
|
| 12 |
glep-0063.rst | 22 +++++++++++----------- |
| 13 |
1 file changed, 11 insertions(+), 11 deletions(-) |
| 14 |
|
| 15 |
diff --git a/glep-0063.rst b/glep-0063.rst |
| 16 |
index ae36d36..c02b89e 100644 |
| 17 |
--- a/glep-0063.rst |
| 18 |
+++ b/glep-0063.rst |
| 19 |
@@ -83,19 +83,19 @@ not be used to commit. |
| 20 |
at least 256-bit. All subkey self-signatures must use this digest. |
| 21 |
|
| 22 |
2. Signing subkey that is different from the primary key, and does not |
| 23 |
- have any other capabilities enabled |
| 24 |
+ have any other capabilities enabled. |
| 25 |
|
| 26 |
3. Primary key and the signing subkey are both of type EITHER: |
| 27 |
|
| 28 |
- a. RSA, >=2048 bits (OpenPGP v4 key format or later only) |
| 29 |
+ a. RSA, >=2048 bits (OpenPGP v4 key format or later only), |
| 30 |
|
| 31 |
- b. ECC curve 25519 |
| 32 |
+ b. ECC curve 25519. |
| 33 |
|
| 34 |
4. Expiration date on key and all subkeys set to no more than 900 days |
| 35 |
- into the future |
| 36 |
+ into the future. |
| 37 |
|
| 38 |
5. Key expiration date renewed at least 2 weeks before the previous |
| 39 |
- expiration date |
| 40 |
+ expiration date. |
| 41 |
|
| 42 |
6. Upload your key to the SKS keyserver rotation before usage! |
| 43 |
|
| 44 |
@@ -107,9 +107,9 @@ technical reason not to (e.g. hardware limitations, necessity of replacing |
| 45 |
their primary key). |
| 46 |
|
| 47 |
1. Primary key and the signing subkey are both of type RSA, 2048 bits |
| 48 |
- (OpenPGP v4 key format or later) |
| 49 |
+ (OpenPGP v4 key format or later). |
| 50 |
|
| 51 |
-2. Key expiration renewed annually to a fixed day of the year |
| 52 |
+2. Key expiration renewed annually to a fixed day of the year. |
| 53 |
|
| 54 |
3. Create a revocation certificate & store it hardcopy offsite securely |
| 55 |
(it's about ~300 bytes). |
| 56 |
@@ -142,13 +142,13 @@ External documentation |
| 57 |
|
| 58 |
Much of the above was driven by the following: |
| 59 |
|
| 60 |
-* NIST SP 800-57 recommendations [#NISTSP800571]_, [#NISTSP800572]_ |
| 61 |
+* NIST SP 800-57 recommendations [#NISTSP800571]_, [#NISTSP800572]_, |
| 62 |
|
| 63 |
-* Debian GPG documentation [#DEBIANGPG]_ |
| 64 |
+* Debian GPG documentation [#DEBIANGPG]_, |
| 65 |
|
| 66 |
-* RiseUp.net OpenPGP best practices [#RISEUP]_ |
| 67 |
+* RiseUp.net OpenPGP best practices [#RISEUP]_, |
| 68 |
|
| 69 |
-* ENISA Algorithms, Key Sizes and Parameters Report 2013 [#ENISA2013]_ |
| 70 |
+* ENISA Algorithms, Key Sizes and Parameters Report 2013 [#ENISA2013]_. |
| 71 |
|
| 72 |
References |
| 73 |
========== |
Archives