On Sat, Apr 21, 2018 at 05:42:06AM +0200, Stéphane Glondu wrote:
> On 17/04/2018 13:44, Thomas Goirand wrote:
> > In fact, I was mistaking. The reason why we are renewing subkeys, is
> > because some were generated using the Yubikey, which happens to have a
> > security hole. For others, we are
On 17/04/2018 13:44, Thomas Goirand wrote:
> In fact, I was mistaking. The reason why we are renewing subkeys, is
> because some were generated using the Yubikey, which happens to have a
> security hole. For others, we are simply extending the expiration date,
> which is what most people do.
What
On Thu, 2018-04-19 at 11:44 -0700, Daniel Kahn Gillmor wrote:
> [ adding James in Cc, but this is now so far off-topic that it'll be
> my
> last on-list e-mail to this thread ]
>
> On Wed 2018-04-18 22:55:17 +0200, Philipp Kern wrote:
> > I think the work James Bottomley is doing on TPM2 would
On Tue 2018-04-17 09:52:56 +0800, gustavo panizzo wrote:
> I would advise you against generating new subkeys, after some years your
> public key will be a mess (like mine, 0x44BB1BA79F6C6333), as you cannot
> never remove expired/revoked keys from the public part.
What's the problem here? is it
Hi
On Mon, Apr 16, 2018 at 10:23:57PM +0200, Thomas Goirand wrote:
On 04/16/2018 03:09 AM, Daniel Kahn Gillmor wrote:
On Sun 2018-04-15 15:49:09 +0200, Thomas Goirand wrote:
The keys support storing 3 4096 bits subkeys, for auth, encryption and
signing. You're not supposed to store your
Hi Daniel,
On Mon, 16 Apr 2018, Daniel Kahn Gillmor wrote:
> what do you see as the advantage of a hardware token for message
> decryption given that the key will be transferred to main memory after
I don't see/use it as message decryption device. In about 20 years of
gpg usage, I have received
On Mon 2018-04-16 22:23:57 +0200, Thomas Goirand wrote:
> Easy: we just make the new subkeys on a new Yubikey, and keep 2 keys for
> a short time (a month or 2, which is enough for the Debian keymaster to
> update the keys). That's ok because we have lots of spare Yubikeys. I
> guess it should be
On 04/16/2018 03:09 AM, Daniel Kahn Gillmor wrote:
> On Sun 2018-04-15 15:49:09 +0200, Thomas Goirand wrote:
>> The keys support storing 3 4096 bits subkeys, for auth, encryption and
>> signing. You're not supposed to store your master key in the Yubikey,
>> instead you'd just save the master key
On Tue 2018-04-17 00:39:41 +0900, Norbert Preining wrote:
>> problematic. How do you handle it during this transition?
>
> I have my expired key available on my computer, and the active subkey
> only on the Yubikey I use. That means I can still decrypt old
> messages etc, but for signing and
> problematic. How do you handle it during this transition?
I have my expired key available on my computer, and the active subkey
only on the Yubikey I use. That means I can still decrypt old
messages etc, but for signing and decrypting messages to the current key
I need to have the Yubikey
On Sun 2018-04-15 15:49:09 +0200, Thomas Goirand wrote:
> The keys support storing 3 4096 bits subkeys, for auth, encryption and
> signing. You're not supposed to store your master key in the Yubikey,
> instead you'd just save the master key far away in a safe place. The
> only issue is that then,
On 04/15/2018 07:43 AM, YunQiang Su wrote:
> On Sun, Apr 15, 2018 at 5:09 AM, Thomas Goirand wrote:
>> Forgot "Yubikey" in the subject line ... :)
>
> How many bits does it support?
The keys support storing 3 4096 bits subkeys, for auth, encryption and
signing. You're not
Forgot "Yubikey" in the subject line ... :)
Cheers,
Thomas Goirand (zigo)
13 matches
Mail list logo