On 15/01/16 19:33, Doug Barton wrote:
> On 01/11/2016 08:35 AM, Lachlan Gunn wrote:
>> For me it's problematic
>> because my certification key is on an offline machine, so it's
>> inconvenient to have to power it up and do a round-trip through the
>> airgap when I'm not going to propagate the signature anyway.  It's not a
>> dealbreaker but it's still a bit irritating.
> 
> This is a good example of why that method of working with your keys is
> pointlessly complicated. :)

It's complicated, but not necessarily _pointlessly_ so. Depending on
circumstances it could be considered minimally prudent. I've worked on
several projects for more than one financial institution, and airgaps
like this are considered barely sufficient for some important keys. (Of
course in such projects the idea of a certification subkey not on the
airgapped machine would be completely unacceptable...)

A


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
