On 20.02.15 15:27, NdK wrote: >>> 5 - possibility to export private keys to user-certified devices >> > That pretty much defeats the point of using a smart card in the first >> > place. > That's not "uncontrolled export", and in fact… > …(snip)… > while importing a key (so that you "can't" alter -actually > it's just "really hard", but doing that should invalidate signatures on > your master key!- the policy by exporting from a device and importing on > another). >
There in lies the problem. It's really hard -> it's doable. What is the use case that absolutely needs exportable master keys? -- Ville
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users