Hello! Thanks to Werner, I learned a new english word today: bikeshedding! :-)
This guide http://spin.atomicobject.com/2013/11/24/secure-gpg-keys-guide/ suggests creating a subkey with authentication capability. Most other sources stress the fact that the primary key and the offline computer must be used to authenticate other people's public keys. I'm at a loss. Can I use an RSA subkey with autentication capability (and cross certified) to authenticate other people's public keys, will it be recognized by sks key servers and used in the web of trust? Or do I have to use the primary key? Hauke posted comments with critics about a few points, but not about this issue. In other developments, I'm impressed by the reactivity of the Arch Linux community! The security fix 1.4.17 hasn't been released for Debian Stable at the time of writing. The patch has only been applied to Sid. Thanks. Jérôme
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
