GPG Keysigning at FUDCon
Todd Zullinger
tmz at pobox.com
Thu Jan 3 05:06:33 UTC 2008
Jesse Keating wrote:
> I've heard that a good strategy if you're going to generate a
> non-expiring key is to generate the revocation key at the same time,
> and replicate that in even more places, so in the event that you
> lose your private key you can revoke it instead of waiting for it to
> expire.
I'd say that generating a revocation cert is always the first thing to
do after creating a new key, whether it expires or not. You always
want to be able to revoke a key if you get into a pinch for whatever
reason.
Just peruse the archives of the pgp and gnupg lists and notice how
often someone shows up with the "I uploaded a key to the keyserver and
now I've lost the key because {my hard drive died,my dog ate it,etc},
so how do I delete the key from the keyservers?" problem. :)
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tact is just a mutual agreement to be full of shit.
-- Spider Robinson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080103/240b360a/attachment.sig>
More information about the fedora-devel-list
mailing list