On 06/08/2013 01:03 PM, Daniel Kahn Gillmor wrote:
> fwiw, some people might not be comfortable certifying a User ID
> ("signing a key") with such a comment, since it is not actually a
> part of the user's identity. How is an OpenPGP certifier supposed
> to validate the correctness of this commen
On 06/08/2013 03:21 PM, Hauke Laging wrote:
> Crypto is NOT about comfort but about security. The point is: Does a
> certification make sense? Most certifications I see do not.
People simply won't use tools that they aren't comfortable with. This
is a delicate tradeoff, but if you're willing to
On Sat 08.06.2013, 13:03:06, Daniel Kahn Gillmor wrote:
> fwiw, some people might not be comfortable certifying a User ID
> ("signing a key") with such a comment,
Crypto is NOT about comfort but about security. The point is: Does a
certification make sense? Most certifications I see do not.
The
On 06/07/2013 06:54 PM, Hauke Laging wrote:
> In addition to what Doug has said: I recommend having one UID without email
> address. Just your name and a comment (like "everyday key on smartcard with
> offline main key; see policy URL").
fwiw, some people might not be comfortable certifying a U
On Sat 08.06.2013, 10:42:51, Peter Lebbing wrote:
> # If the option
> # --list is given the keygrip is ignored and information about all
> # available keys are returned.
I am afraid that is not what the OP wants to know. "Cached keys" in the sense
of "ssh-add -l" are keys whose passphrase is cac
Hello Werner and list,
I could reproduce the problem the user "Mustrum" had with moving his
certification-only primary key to a smartcard. If you have a primary key with
sign and certify abilities, you can "keytocard" it to the Signature slot of an
OpenPGP card, and it will issue certifications ju
I thought of another way to get the key on the card. During on-card key
generation, you're prompted if you want to make a backup in a file.
Such a backup is just a bare OpenPGP secret key material packet. It doesn't
have key usage flags, so they can't be in the way either.
We can create an equiva
On Fri, 07 Jun 2013 13:22:04 -0700
Doug Barton wrote:
> I'm not sure where you're getting this "15 years" number.
Up until now I've usually gone with short-lived (1-2 years) keys. After
each period I'd simply replace them with completely new ones. Since
this can be a bit cumbersome, I wanted to
On Sat, 08 Jun 2013 00:54:40 +0200
Hauke Laging wrote:
> > With my OpenPGP smart-card set-up almost done (master key on one card,
>
> With backup? If not: Are you sure this card is going to survive for 15 years?
Of course. I've actually initialised everything in the offline mode,
including b
On 07/06/13 21:40, Tom Nakamura wrote:
> What is the equivalent operation for gpg-agent?
$ gpg-connect-agent
> help
# NOP
# CANCEL
[...]
# KEYINFO [--list] [--data] [--ssh-fpr]
[...]
> help keyinfo
# KEYINFO [--list] [--data] [--ssh-fpr]
#
# Return information about the key specified by the KEYG