Re: Get your free Yubikey sponsored by Infomaniak (available for free for any DD and DM)

2018-04-20 Thread Geert Stappers
On Sat, Apr 21, 2018 at 05:42:06AM +0200, Stéphane Glondu wrote: > On 17/04/2018 13:44, Thomas Goirand wrote: > > In fact, I was mistaken. The reason why we are renewing subkeys, is > > because some were generated using the Yubikey, which happens to have a > > security hole. For others, we are

Re: Get your free Yubikey sponsored by Infomaniak (available for free for any DD and DM)

2018-04-20 Thread Stéphane Glondu
On 17/04/2018 13:44, Thomas Goirand wrote: > In fact, I was mistaken. The reason why we are renewing subkeys, is > because some were generated using the Yubikey, which happens to have a > security hole. For others, we are simply extending the expiration date, > which is what most people do. What

Re: hardware tokens and subkey rotation [was: Re: Get your free Yubikey sponsored by Infomaniak (available for free for any DD and DM)]

2018-04-19 Thread James Bottomley
On Thu, 2018-04-19 at 11:44 -0700, Daniel Kahn Gillmor wrote: > [ adding James in Cc, but this is now so far off-topic that it'll be > my last on-list e-mail to this thread ] > > On Wed 2018-04-18 22:55:17 +0200, Philipp Kern wrote: > > I think the work James Bottomley is doing on TPM2 would

subkey rotation [was: Re: Get your free Yubikey sponsored by Infomaniak (available for free for any DD and DM)]

2018-04-17 Thread Daniel Kahn Gillmor
On Tue 2018-04-17 09:52:56 +0800, gustavo panizzo wrote: > I would advise you against generating new subkeys, after some years your > public key will be a mess (like mine, 0x44BB1BA79F6C6333), as you can > never remove expired/revoked keys from the public part. What's the problem here? Is it

Re: Get your free Yubikey sponsored by Infomaniak (available for free for any DD and DM)

2018-04-16 Thread gustavo panizzo
Hi On Mon, Apr 16, 2018 at 10:23:57PM +0200, Thomas Goirand wrote: On 04/16/2018 03:09 AM, Daniel Kahn Gillmor wrote: On Sun 2018-04-15 15:49:09 +0200, Thomas Goirand wrote: The keys support storing 3 4096-bit subkeys, for auth, encryption and signing. You're not supposed to store your

Re: Get your free Yubikey sponsored by Infomaniak (available for free for any DD and DM)

2018-04-16 Thread Norbert Preining
Hi Daniel, On Mon, 16 Apr 2018, Daniel Kahn Gillmor wrote: > what do you see as the advantage of a hardware token for message > decryption given that the key will be transferred to main memory after I don't see/use it as message decryption device. In about 20 years of gpg usage, I have received

hardware tokens and subkey rotation [was: Re: Get your free Yubikey sponsored by Infomaniak (available for free for any DD and DM)]

2018-04-16 Thread Daniel Kahn Gillmor
On Mon 2018-04-16 22:23:57 +0200, Thomas Goirand wrote: > Easy: we just make the new subkeys on a new Yubikey, and keep 2 keys for > a short time (a month or 2, which is enough for the Debian keymaster to > update the keys). That's ok because we have lots of spare Yubikeys. I > guess it should be

Re: Get your free Yubikey sponsored by Infomaniak (available for free for any DD and DM)

2018-04-16 Thread Thomas Goirand
On 04/16/2018 03:09 AM, Daniel Kahn Gillmor wrote: > On Sun 2018-04-15 15:49:09 +0200, Thomas Goirand wrote: >> The keys support storing 3 4096-bit subkeys, for auth, encryption and >> signing. You're not supposed to store your master key in the Yubikey, >> instead you'd just save the master key

Re: Get your free Yubikey sponsored by Infomaniak (available for free for any DD and DM)

2018-04-16 Thread Daniel Kahn Gillmor
On Tue 2018-04-17 00:39:41 +0900, Norbert Preining wrote: >> problematic. How do you handle it during this transition? > > I have my expired key available on my computer, and the active subkey > only on the Yubikey I use. That means I can still decrypt old > messages etc, but for signing and

Re: Get your free Yubikey sponsored by Infomaniak (available for free for any DD and DM)

2018-04-16 Thread Norbert Preining
> problematic. How do you handle it during this transition? I have my expired key available on my computer, and the active subkey only on the Yubikey I use. That means I can still decrypt old messages etc, but for signing and decrypting messages to the current key I need to have the Yubikey

Re: Get your free Yubikey sponsored by Infomaniak (available for free for any DD and DM)

2018-04-16 Thread Daniel Kahn Gillmor
On Sun 2018-04-15 15:49:09 +0200, Thomas Goirand wrote: > The keys support storing 3 4096-bit subkeys, for auth, encryption and > signing. You're not supposed to store your master key in the Yubikey, > instead you'd just save the master key far away in a safe place. The > only issue is that then,

Re: Get your free Yubikey sponsored by Infomaniak (available for free for any DD and DM)

2018-04-15 Thread Thomas Goirand
On 04/15/2018 07:43 AM, YunQiang Su wrote: > On Sun, Apr 15, 2018 at 5:09 AM, Thomas Goirand wrote: >> Forgot "Yubikey" in the subject line ... :) > > How many bits does it support? The keys support storing 3 4096-bit subkeys, for auth, encryption and signing. You're not

Re: Get your free Yubikey sponsored by Infomaniak (available for free for any DD and DM)

2018-04-14 Thread Thomas Goirand
Forgot "Yubikey" in the subject line ... :) Cheers, Thomas Goirand (zigo)