| 1 |
On Thu, 25 Apr 2019 12:57:54 +0100 |
| 2 |
Marek Szuba <marecki@g.o> wrote: |
| 3 |
|
| 4 |
> On 2019-04-24 20:34, Rich Freeman wrote: |
| 5 |
> |
| 6 |
> > The only reason to have a separate primary key is to have an offline |
| 7 |
> > copy, |
| 8 |
> |
| 9 |
> Not quite. First and foremost, you do not want to have an offline copy |
| 10 |
> of the primary private key - you want to have the primary ENTIRELY |
| 11 |
> offline. |
| 12 |
|
| 13 |
This has confused me. Granted, GLEP 63 does not say anything about |
| 14 |
where to store the primary key but I followed the Debian guide at |
| 15 |
https://wiki.debian.org/Subkeys, believing it to be best practise and |
| 16 |
if I understood it correctly, it only removes the primary private key |
| 17 |
from the online copy and not the entire primary key. The --list-keys |
| 18 |
option shows an [SC] primary with an [E] subkey and an [S] subkey and I |
| 19 |
gathered from a conversation in #gentoo-dev that this is correct. Are |
| 20 |
you suggesting the [SC] primary should not appear here at all? |
| 21 |
|
| 22 |
> Secondly, the reason for that is not (just) to have a backup |
| 23 |
> but that the primary private key gives you virtually unlimited control. |
| 24 |
|
| 25 |
Are you contradicting yourself here? You explained why the private key |
| 26 |
must be kept secure but you didn't say anything about the rest of the |
| 27 |
primary key. |
| 28 |
|
| 29 |
-- |
| 30 |
James Le Cuirot (chewi) |
| 31 |
Gentoo Linux Developer |
Archives