1 |
Reword the specification to express the requirement for separate signing |
2 |
subkey more verbosely. Replace the ambiguous term 'dedicated' with |
3 |
clear explanation that it needs to be different from the primary key |
4 |
and not used for other purposes. |
5 |
|
6 |
Suggested-by: Kristian Fiskerstrand <k_f@g.o> |
7 |
--- |
8 |
glep-0063.rst | 11 +++++++---- |
9 |
1 file changed, 7 insertions(+), 4 deletions(-) |
10 |
|
11 |
diff --git a/glep-0063.rst b/glep-0063.rst |
12 |
index 940612c..05e5e9d 100644 |
13 |
--- a/glep-0063.rst |
14 |
+++ b/glep-0063.rst |
15 |
@@ -46,15 +46,18 @@ Bare minimum requirements |
16 |
|
17 |
personal-digest-preferences SHA256 |
18 |
|
19 |
-2. Primary key and signing subkey of EITHER: |
20 |
+2. Signing subkey that is different from the primary key, and does not |
21 |
+ have any other capabilities enabled. |
22 |
+ |
23 |
+3. Primary key and the signing subkey are both of type EITHER: |
24 |
|
25 |
a. DSA, 2048-bit |
26 |
|
27 |
b. RSA, >=2048 bits (OpenPGP v4 key format or later only) |
28 |
|
29 |
-3. Key expiry: 5 years maximum |
30 |
+4. Key expiry: 5 years maximum |
31 |
|
32 |
-4. Upload your key to the SKS keyserver rotation before usage! |
33 |
+5. Upload your key to the SKS keyserver rotation before usage! |
34 |
|
35 |
Recommendations |
36 |
--------------- |
37 |
@@ -106,7 +109,7 @@ Recommendations |
38 |
|
39 |
This may require creating an entirely new key. |
40 |
|
41 |
-3. Dedicated signing subkey of EITHER: |
42 |
+3. The signing subkey of EITHER: |
43 |
|
44 |
a. DSA 2048 bits exactly. |
45 |
|
46 |
-- |
47 |
2.18.0 |