Updated OpenPGP Security (markdown)

Dominik Schürmann 2016-01-05 00:15:03 +01:00
parent 555b41f5f9
commit f2335c4808
1 changed files with 4 additions and 1 deletions

@ -48,7 +48,10 @@ from http://blog.josefsson.org/2014/08/26/the-case-for-short-openpgp-key-validit
from https://help.riseup.net/en/security/message-security/openpgp/best-practices
> * You may think that is annoying and you dont want to deal with it, but it is actually good to be doing this on a regular basis so you keep your OpenPGP skills fresh. It indicates to users that they key is still active, and that the keyholder is using it, and gives you an opportunity to review the current state of your tools, and best practices. Also, many people will not sign a key that has no expiration date!
No real argument here. Just shows that OpenPGP is complex.
This argument summed up: "OpenPGP is complex, you need to learn a lot of stuff and keep up to date. Expiration dates are a great reminder."
* To remind yourself you could also use a calendar
* This whole argument basically admits that many OpenPGP implementations and tutorials are overly complex.
* Our goal is to not require any complex knowledge for OpenPGP usage
## Revocation certificate
TODO: Yes we must do this. Important TODO