Hi

On Wednesday 12 May 2010 at 9:48:34 PM, in
<mid:4beb1422.8030...@fifthhorseman.net>, Daniel Kahn Gillmor wrote:

> On 05/12/2010 02:06 PM, MFPA wrote:
>> Although the comment could just state it was his new key from
>> dd/mm/yyyy without mentioning any other key(s).

> even this comment would be superfluous, since the key
> has a "Created on" timestamp built in.

Of course; the unnecessary comment would simply add emphasis.

> Also, his
> statement isn't really part of a person's identity,
> which makes it more dubious to put it in the User ID as
> well.

Nearly 20% of the keys in my keyring have something in the User ID
that is clearly not part of a person's identity. What would you say
was a non-dubious use of the "comment" field within the User ID?

[...]

> Expiry dates on keys are only useful as a safeguard
> against accidental destruction of the secret key
> material, not against loss of control of the secret key
> material to a malicious party.

True. An expiry date would have been useful on the thread-starter's
key, which was lost in a system failure, but obviously not in the case
of a compromised secret key.

> This whole scenario is a good argument for what is
> already accepted best-practice: generate a
> worst-case-scenario revocation certificate immediately
> after generating your key, and store that revocation
> certificate securely in an offline place (e.g. print it
> to good paper and destroy the digital copy). This
> means there are no extra keys to manage, and no third
> parties to rely on (unless you want to send a copy of
> your revocation certificate to a trusted friend for use
> in an emergency).

A good point, well made.

-- 
Best regards

MFPA                    mailto:expires2...@ymail.com

Dogs look up to us. Cats look down on us. Pigs treat us as equals.
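The practice discussed in this message (set an expiry date, and keep a revocation certificate from the moment the key is created) can be rehearsed safely in a throwaway keyring. The script below is an added example, not part of the original post; it assumes GnuPG 2.1 or later, which writes a revocation certificate under `openpgp-revocs.d` at key creation, and the `drill_*` function names and the user ID are constructed for illustration.

```shell
#!/bin/sh
# Added example: revocation-certificate drill in a throwaway keyring.
# Assumes GnuPG 2.1+, which writes a revocation certificate to
# $GNUPGHOME/openpgp-revocs.d/<FINGERPRINT>.rev at key creation.
# The drill_* names and the user ID are constructed for illustration.

# Generate an unprotected test key expiring in one year; print its fingerprint.
drill_genkey() {
    gpg --batch --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Drill Key <drill@example.invalid>' \
        default default 1y >/dev/null 2>&1 || return 1
    gpg --batch --with-colons --list-keys 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Validity field of the primary key: u = ultimate (own key), r = revoked.
drill_validity() {
    gpg --batch --with-colons --list-keys "$1" 2>/dev/null |
        awk -F: '$1 == "pub" { print $2; exit }'
}

# Apply a stored certificate. GnuPG prefixes the armor header with ':' so the
# file cannot be imported by accident; remove it deliberately.
drill_revoke() {
    sed 's/^:-----BEGIN/-----BEGIN/' "$1" | gpg --batch --import >/dev/null 2>&1
}

# Whole drill in a scratch GNUPGHOME (subshell, so the caller's environment
# and real keyring are untouched); prints "<before> <after>" validity.
drill_run() (
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    fpr=$(drill_genkey) && [ -n "$fpr" ] || exit 1
    before=$(drill_validity "$fpr")
    # In real use this copy goes to offline media or paper, not the same disk.
    cp "$GNUPGHOME/openpgp-revocs.d/$fpr.rev" "$GNUPGHOME/offline-copy.rev" || exit 1
    drill_revoke "$GNUPGHOME/offline-copy.rev" || exit 1
    after=$(drill_validity "$fpr")
    gpgconf --kill gpg-agent >/dev/null 2>&1 || true
    rm -rf "$GNUPGHOME"
    printf '%s %s\n' "$before" "$after"
)
```

Calling `drill_run` prints the key's validity before and after the stored certificate is imported; the second value is `r` once the revocation has taken effect.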