| 1 |
Reword the specification to express the requirement for separate signing |
| 2 |
subkey more verbosely. Replace the ambiguous term 'dedicated' with |
| 3 |
clear explanation that it needs to be different from the primary key |
| 4 |
and not used for other purposes. |
| 5 |
|
| 6 |
Suggested-by: Kristian Fiskerstrand <k_f@g.o> |
| 7 |
--- |
| 8 |
glep-0063.rst | 11 +++++++---- |
| 9 |
1 file changed, 7 insertions(+), 4 deletions(-) |
| 10 |
|
| 11 |
diff --git a/glep-0063.rst b/glep-0063.rst |
| 12 |
index 940612c..05e5e9d 100644 |
| 13 |
--- a/glep-0063.rst |
| 14 |
+++ b/glep-0063.rst |
| 15 |
@@ -46,15 +46,18 @@ Bare minimum requirements |
| 16 |
|
| 17 |
personal-digest-preferences SHA256 |
| 18 |
|
| 19 |
-2. Primary key and signing subkey of EITHER: |
| 20 |
+2. Signing subkey that is different from the primary key, and does not |
| 21 |
+ have any other capabilities enabled. |
| 22 |
+ |
| 23 |
+3. Primary key and the signing subkey are both of type EITHER: |
| 24 |
|
| 25 |
a. DSA, 2048-bit |
| 26 |
|
| 27 |
b. RSA, >=2048 bits (OpenPGP v4 key format or later only) |
| 28 |
|
| 29 |
-3. Key expiry: 5 years maximum |
| 30 |
+4. Key expiry: 5 years maximum |
| 31 |
|
| 32 |
-4. Upload your key to the SKS keyserver rotation before usage! |
| 33 |
+5. Upload your key to the SKS keyserver rotation before usage! |
| 34 |
|
| 35 |
Recommendations |
| 36 |
--------------- |
| 37 |
@@ -106,7 +109,7 @@ Recommendations |
| 38 |
|
| 39 |
This may require creating an entirely new key. |
| 40 |
|
| 41 |
-3. Dedicated signing subkey of EITHER: |
| 42 |
+3. The signing subkey of EITHER: |
| 43 |
|
| 44 |
a. DSA 2048 bits exactly. |
| 45 |
|
| 46 |
-- |
| 47 |
2.18.0 |
Archives