And maybe some (or all) of it should go in the FAQ, but i'll let Robert
(who maintains the FAQ, iirc) weigh in on that.
I feel as if I should apologize in advance here, because this is going
to be a little bit ranty -- Daniel is making a good point, though, and
any incoherent fist-shaking at
On 05/12/2014 03:35 AM, Tomer Altman wrote:
> You recommend creating a revocation certificate against the private key, but
> the GPG documentation seems to recommend creating the revocation certificate
> against the public (sub-)key:
>
> https://www.gnupg.org/gph/en/manual.html#REVOCATION
>
>
ginal Message -
From: "Daniel Kahn Gillmor"
To: "Tomer Altman" , gnupg-users@gnupg.org
Sent: Saturday, May 10, 2014 9:06:38 AM
Subject: Re: Best practices for securely creating master RSA key
Hi Tomer--
On 05/10/2014 05:23 AM, Tomer Altman wrote:
> 1. Find a computer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
El 10-05-2014 4:23, Tomer Altman escribió:
> To whom it may concern,
>
> I recall reading somewhere some best practices for creating one's
> initial RSA key pair that they intend for building their Web of
> Trust. I think the recommended steps were:
Hi Tomer--
On 05/10/2014 05:23 AM, Tomer Altman wrote:
> 1. Find a computer that you think is relatively free of malware
> 2. Download a Live Linux distro CD/DVD/USB, and verify its signatures to make
> sure you are not installing a tainted version
> 3. Launch the verified Linux distro.
> 4. Use
On Saturday 10 May 2014 01:23:57 Tomer Altman wrote:
> To whom it may concern,
>
> I recall reading somewhere some best practices for creating one's
> initial RSA key pair that they intend for building their Web of
> Trust. I think the recommended steps were:
>
> 1. Find a computer that you think
To whom it may concern,
I recall reading somewhere some best practices for creating one's initial RSA
key pair that they intend for building their Web of Trust. I think the
recommended steps were:
1. Find a computer that you think is relatively free of malware
2. Download a Live Linux distro CD
