Gentoo Archives: gentoo-dev

From: "Michał Górny" <mgorny@g.o>
To: gentoo-dev@l.g.o
Cc: robbat2@g.o, "Michał Górny" <mgorny@g.o>
Subject: [gentoo-dev] [PATCH 13/13] glep-0063: Split out the signing subkey into a separation point
Date: Wed, 04 Jul 2018 20:23:40
Message-Id: 20180704202301.1107-2-mgorny@gentoo.org
In Reply to: [gentoo-dev] [PATCH 12/13] glep-0063: 'Gentoo subkey' → 'Signing subkey' by "Michał Górny"
1 Reword the specification to express the requirement for a separate signing
2 subkey more verbosely. Replace the ambiguous term 'dedicated' with a
3 clear explanation that it needs to be different from the primary key
4 and not used for other purposes.
5
6 Suggested-by: Kristian Fiskerstrand <k_f@g.o>
7 ---
8 glep-0063.rst | 13 ++++++++-----
9 1 file changed, 8 insertions(+), 5 deletions(-)
10
11 diff --git a/glep-0063.rst b/glep-0063.rst
12 index d3e12e0..2f4e7f8 100644
13 --- a/glep-0063.rst
14 +++ b/glep-0063.rst
15 @@ -74,22 +74,25 @@ not be used to commit.
16
17 personal-digest-preferences SHA256
18
19 -2. Primary key and a dedicated signing subkey, both of EITHER:
20 +2. Signing subkey that is different from the primary key, and does not
21 + have any other capabilities enabled.
22 +
23 +3. Primary key and the signing subkey are both of type EITHER:
24
25 a. RSA, >=2048 bits (OpenPGP v4 key format or later only)
26
27 b. ECC, curve 25519
28
29 -3. Key expiration:
30 +4. Key expiration:
31
32 a. Primary key: 3 years maximum
33
34 b. Signing subkey: 1 year maximum
35
36 -4. Key expiration date renewed at least 2 weeks before the previous
37 +5. Key expiration date renewed at least 2 weeks before the previous
38 expiration date.
39
40 -5. Upload your key to the SKS keyserver rotation before usage!
41 +6. Upload your key to the SKS keyserver rotation before usage!
42
43 Recommendations
44 ---------------
45 @@ -141,7 +144,7 @@ their primary key).
46 # when making an OpenPGP certification, use a stronger digest than the default SHA1:
47 cert-digest-algo SHA256
48
49 -2. Primary key and a dedicated signing subkey, both of type RSA, 2048 bits
50 +2. Primary key and the signing subkey are both of type RSA, 2048 bits
51 (OpenPGP v4 key format or later)
52
53 3. Key expiration renewal:
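Review bot: The rewritten item 2 in this list speaks of "the signing subkey" with a definite article, but unlike the first hunk this list gains no item that introduces the subkey or requires it to be separate from the primary key and signing-only. Dropping "dedicated" here removes the only hint of that requirement from this list. Either add the same item as in the first hunk ahead of this one, or keep an explicit qualifier in the line, for example "a signing subkey (separate from the primary key, signing capability only)".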
54 --
55 2.18.0