Hi GnuPG folks,

The current version of the FAQ recommends creating a revocation certificate at several places.

§ 7.17 "We recommend you create a revocation certificate immediately after generating a new GnuPG certificate."

§ 8.5 "What should I do after making my certificate? Generate a revocation certificate"

§ 10 "What are some common best practices? [...] Generate a revocation certificate"

However, since GnuPG 2.1 a revocation certificate is now automatically generated by GnuPG at the same time a new key pair is created, and stored in $GNUPGHOME/openpgp-revocs.d.

Therefore the above recommendations should either be removed or at the very least amended to explain that they are only necessary with GnuPG < 2.1.

FWIW, I believe they should be removed completely. Rationale: It has already been decided three years ago not to mention GnuPG 1.4 in the FAQ [1]. Since then, GnuPG 2.0 has been end-of-lifed and so in my opinion should not be mentioned either. Thus the FAQ should only focus on "modern" GnuPG (>= 2.1). And with modern GnuPG there is no need to recommend generating a revocation certificate.

On the same topic, the answer to the question "How do I generate a revocation certificate?" (§ 8.5) should be amended to explain that such a revocation certificate may already have been generated. ("May", because it is possible the user asking this question generated his or her key a long time ago, using an older version of GnuPG.)

Comments are welcome.

Cheers,
Damien

[1] https://lists.gnupg.org/pipermail/gnupg-users/2015-August/054172.html
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
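As an added example (not part of the original message and not GnuPG project code), the following shell script reports which primary secret keys have no pre-generated certificate in the `openpgp-revocs.d` directory mentioned above, which is the "may already have been generated" case. It relies on GnuPG naming each file after the primary key fingerprint with a `.rev` suffix; the function names and the `--keyring`/`--demo` arguments are this script's own, and the fingerprints in the demo are constructed.

```shell
#!/bin/sh
# Added example: list primary secret keys that have no pre-generated
# revocation certificate in openpgp-revocs.d.

# missing_revocs DIR: read `gpg --with-colons` output on stdin and print the
# fingerprint of each primary secret key lacking a non-empty DIR/<fpr>.rev.
missing_revocs() {
    revdir=$1
    primary=0
    while IFS=: read -r rectype f2 f3 f4 f5 f6 f7 f8 f9 fpr rest; do
        case $rectype in
            sec) primary=1 ;;   # the next fpr record belongs to a primary key
            ssb) primary=0 ;;   # subkey fingerprints are not used as file names
            fpr)
                if [ "$primary" -eq 1 ]; then
                    primary=0
                    [ -s "$revdir/$fpr.rev" ] || printf '%s\n' "$fpr"
                fi ;;
        esac
    done
}

# check_keyring: run the check against the real keyring.
check_keyring() {
    gpg --batch --with-colons --list-secret-keys |
        missing_revocs "${GNUPGHOME:-$HOME/.gnupg}/openpgp-revocs.d"
}

# demo: same check on a constructed listing (fingerprints are made up).
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'constructed placeholder\n' > "$tmp/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.rev"
    missing_revocs "$tmp" <<'EOF'
sec:u:255:22:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
ssb:u:255:18:CCCCCCCCCCCCCCCC:1500000000::::::e:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC:
sec:u:4096:1:BBBBBBBBBBBBBBBB:1300000000:::u:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
EOF
    rm -rf "$tmp"
}

case ${1:-} in
    --keyring) check_keyring ;;
    --demo) demo ;;
esac
```

A fingerprint printed here only means no certificate file sits in that directory; it does not show whether one was created by hand or moved to offline storage.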