On 06-07-2018 13:34:21 +0200, Ulrich Mueller wrote:
> - Make creation of a revocation certificate (and storing it in a place
>   separate from the key) mandatory.

What does this really achieve?  Or require?  Am I supposed to buy or
hire a vault now? -- I'm assuming the word "safe" is missing from
above sentence.

Side observation:
You can't check I have the revocation cert, let alone that you can
check where it is stored, or if I lost it.

Unless it is stored in a Gentoo owned vault or something, such that
infra can invoke it on retirement scripts, this seems like unnecessary
bureaucracy.

Of course we want to encourage anyone to have a revocation cert, and to
store it in a safe place somewhere.  This is at best subject to means
and opportunities of the person in question.  In reality it is quite
hard to store secrets securely, even more when they don't fit well in
the human SSD.

Fabian

--
Fabian Groffen
Gentoo on a different level