[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: GPG Keysigning at FUDCon



Jesse Keating wrote:
> I've heard that a good strategy if you're going to generate a
> non-expiring key is to generate the revocation key at the same time,
> and replicate that in even more places, so in the event that you
> lose your private key you can revoke it instead of waiting for it to
> expire.

I'd say that generating a revocation cert is always the first thing to
do after creating a new key, whether it expires or not.  You always
want to be able to revoke a key if you get into a pinch for whatever
reason.

Just peruse the archives of the pgp and gnupg lists and notice how
often someone shows up with the "I uploaded a key to the keyserver and
now I've lost the key because {my hard drive died,my dog ate it,etc},
so how do I delete the key from the keyservers?" problem. :)

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tact is just a mutual agreement to be full of shit.
    -- Spider Robinson

Attachment: pgpu1eC1GcM2f.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]