On 10/28/2014 02:53 AM, Marty Falatic (mfalatic) wrote: > I'm relatively new to the keysigning *event* concept - can > someone give a little more detail on this and where it > comes into play? Does anyone else use a service (e.g., > keybase.io) for this purpose? > > - Marty Falatic
I would recommend *against* using a service like keybase.io (for any purpose), which offers such a horrible feature as to upload your private key. I'm well aware that you don't *have* to do that, but I just think it's educating PGP users the wrong way. A private key should be: 1/ Stored on a safe medium, for example on a dm-crypt partition on your laptop (that's what I do), or on a smart card. 2/ Backed-up somewhere safe so that you can revoke it. For example, on a gpg symetric password protected file, then store that file on a USB key that you will put in a safe. 3/ Never be shared with anyone. Uploading it to a website, and trusting them with it, is *never* a good option, no mater what feature the site proposes. And I will never trust a site that offers this kind of feature. Cheers, Thomas Goirand (zigo) _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
