Reword the specification to express the requirement for separate signing
subkey more verbosely. Replace the ambiguous term 'dedicated' with
clear explanation that it needs to be different from the primary key
and not used for other purposes.
Suggested-by: Kristian Fiskerstrand <k...@gentoo.org>
---
glep-0063.rst | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/glep-0063.rst b/glep-0063.rst
index 318717a..2d30f68 100644
--- a/glep-0063.rst
+++ b/glep-0063.rst
@@ -45,15 +45,18 @@ Bare minimum requirements
personal-digest-preferences SHA256
-2. Primary key and signing subkey of EITHER:
+2. Signing subkey that is different from the primary key, and does not
+ have any other capabilities enabled.
+
+3. Primary key and the signing subkey are both of type EITHER:
a. DSA, 2048-bit
b. RSA, >=2048 bits (OpenPGP v4 key format or later only)
-3. Key expiry: 5 years maximum
+4. Key expiry: 5 years maximum
-4. Upload your key to the SKS keyserver rotation before usage!
+5. Upload your key to the SKS keyserver rotation before usage!
Recommendations
---------------
@@ -105,7 +108,7 @@ Recommendations
This may require creating an entirely new key.
-3. Dedicated signing subkey of EITHER:
+3. The signing subkey of EITHER:
a. DSA 2048 bits exactly.
--
2.18.0
