On Tue, Mar 22, 2016 at 10:21 PM, Peter Lebbing <pe...@digitalbrains.com> wrote:
> Your one month expiry thing is not well thought through. Not only will the owner
> need to re-sign and redistribute every damn month, but all his contacts will
> pretty much always need to refresh the key before they can use it, /even/ if
> they are currently working offline (e.g., commuting), which means they simply
> need to wait until they have network coverage again. The 4k RSA primary key with
> 3 subkeys grows by 2 kilobytes on the keyserver every single month (new expiry
> signatures). When, not if but when the user forgets to renew, his contacts have
> no other recourse than to contact the user in plain text to remind them of their
> forgetfulness.

You got this wrong. It does not enforce 1 month expiry. Right after creating the key you can change its expiry to 10y, if you wish. But if you say nothing, after 1m you will have to renew it (if you still remember the passphrase). This is like a safety measure for people who are not familiar with gpg.

> And why is your primary key capable of encryption? One of the reasons for
> subkeys is so you don't have to use the same key material for both encryption
> and signing, since this opens up some subtle points of attack that are easily
> avoided.

What is wrong with that? As long as there is a subkey for encryption, gpg will use the subkey for encryption, even if the primary key is capable of encryption.

> Current GnuPG is the culmination of several decades of very hard work by
> talented people. Don't forget that when you think something isn't as you think
> it should be.

I did not judge the people who built GnuPG. And I know that it is easier to criticize than to do something better. Actually my goal was not to replace GnuPG, my goal was to make things a bit simpler (especially for beginners). And I believe that this can be done with a bunch of simple shell scripts.

Peace,
Dashamir
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users