On Fri, Aug 11, 2017 at 10:08:16AM -0700, Sean Whitton wrote:
> Thank you for the explanation.
>
> On Fri, Aug 11 2017, Jonathan McDowell wrote:
>
> >  * If you don't want to buy hardware, use an offline master key. Create
> >    a certification only master key using something like PGP Clean Room
> >    on a non-networked host [...]
>
> By default, GnuPG creates a signing+certification master key. Could you
> explain why it's a good idea to override that? I'm not sure what it
> achieves.

I see no reason why the master key should ever be used for signatures in
such a scenario, so it seems sensible to indicate that it is purely for
certification.

J.

-- 
/-\                             | "Could I have an 'E', please,
|@/  Debian GNU/Linux Developer |  Bob?" (Blockbusters)
\-                              |
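
An added example, not part of the original thread and not GnuPG's own code: a small audit of `gpg --list-keys --with-colons` output that flags primary (master) keys able to do more than certify, and also reports whether signing is available on the key as a whole. The function name and the sample listing are constructed for illustration.

```python
"""Audit GnuPG colon listings for primary keys that can do more than certify."""

# Constructed sample of `gpg --list-keys --with-colons` output; key IDs and
# user IDs are made up. Field 12 holds the capabilities: lowercase letters are
# the key's own, uppercase letters (primary only) cover the whole key.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1502400000:::u:::scESC:
uid:u::::1502400000::::Default Layout <default@example.org>:
sub:u:4096:1:AAAAAAAAAAAAAAA1:1502400000::::::e:
pub:u:4096:1:BBBBBBBBBBBBBBBB:1502400000:::u:::cSCE:
uid:u::::1502400000::::Offline Master <offline@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBB1:1502400000::::::s:
sub:u:4096:1:BBBBBBBBBBBBBBB2:1502400000::::::e:
pub:u:4096:1:CCCCCCCCCCCCCCCC:1502400000:::u:::cCE:
uid:u::::1502400000::::No Signing Subkey <nosign@example.org>:
sub:u:4096:1:CCCCCCCCCCCCCCC1:1502400000::::::e:
"""


def audit_primary_keys(listing):
    """Map each primary key ID to what it can do beyond certification."""
    report = {}
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] != "pub" or len(fields) < 12:
            continue  # only primary-key records carry the aggregate flags
        caps = fields[11]
        own = {c for c in caps if c.islower()}
        report[fields[4]] = {
            # anything here means the master key itself signs/encrypts/auths
            "primary_extra": sorted(own - {"c"}),
            "can_certify": "c" in own,
            # uppercase S: signing is usable somewhere on the key (for a
            # certify-only primary that can only be a signing subkey)
            "signing_available": "S" in caps,
        }
    return report


if __name__ == "__main__":
    for key_id, info in audit_primary_keys(SAMPLE).items():
        if info["primary_extra"]:
            status = "primary also has: " + ",".join(info["primary_extra"])
        elif not info["signing_available"]:
            status = "certify-only primary, but nothing on the key can sign"
        else:
            status = "certify-only primary with signing available on a subkey"
        print(key_id, status)
```

To check a real keyring, pass the text produced by `gpg --list-keys --with-colons` to `audit_primary_keys` instead of `SAMPLE`.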