Re: [gentoo-dev] [PATCH v2 03/11] glep-0063: Clarify dedicated signing subkey in minimal reqs
On 18-07-04 12:54:50, Michał Górny wrote: > W dniu śro, 04.07.2018 o godzinie 12∶35 +0200, użytkownik Kristian > Fiskerstrand napisał: > > On 07/04/2018 12:23 PM, Michał Górny wrote: > > > -2. Root key and signing subkey of EITHER: > > > +2. Root key and a dedicated signing subkey, both of EITHER: > > > > "dedicated" here might be misread to be gentoo-specific, which doesn't > > really make much sense. > > What alternative do you suggest? We really want to make clear that we > require a separate subkey, and that subkey is not marked for encryption. > I'd suggest something along the lines of 'subkey with signing only capabilitiyies' or 'signing only subkey'. I state this because you are able to have a combined SE subkey which would match the language of dedicated or simply only saying 'signing subkey'. -- Matthew Thode (prometheanfire) signature.asc Description: PGP signature
Re: [gentoo-dev] [PATCH v2 03/11] glep-0063: Clarify dedicated signing subkey in minimal reqs
W dniu śro, 04.07.2018 o godzinie 12∶35 +0200, użytkownik Kristian Fiskerstrand napisał: > On 07/04/2018 12:23 PM, Michał Górny wrote: > > -2. Root key and signing subkey of EITHER: > > +2. Root key and a dedicated signing subkey, both of EITHER: > > "dedicated" here might be misread to be gentoo-specific, which doesn't > really make much sense. > Hmm, actually the recommended spec already talks of 'dedicated', so I'll change it as an additional commit rather than in place. -- Best regards, Michał Górny signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] [PATCH v2 03/11] glep-0063: Clarify dedicated signing subkey in minimal reqs
On 07/04/2018 12:59 PM, Michał Górny wrote: > > Or maybe even make a separate point about having a separate signing > subkey? > Right, that is likely also easier to understand. -- Kristian Fiskerstrand OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] [PATCH v2 03/11] glep-0063: Clarify dedicated signing subkey in minimal reqs
W dniu śro, 04.07.2018 o godzinie 12∶58 +0200, użytkownik Kristian Fiskerstrand napisał: > On 07/04/2018 12:54 PM, Michał Górny wrote: > > W dniu śro, 04.07.2018 o godzinie 12∶35 +0200, użytkownik Kristian > > Fiskerstrand napisał: > > > On 07/04/2018 12:23 PM, Michał Górny wrote: > > > > -2. Root key and signing subkey of EITHER: > > > > +2. Root key and a dedicated signing subkey, both of EITHER: > > > > > > "dedicated" here might be misread to be gentoo-specific, which doesn't > > > really make much sense. > > > > What alternative do you suggest? We really want to make clear that we > > require a separate subkey, and that subkey is not marked for encryption. > > > > "signing subkey" already implies as much though, but maybe write it out > more "Both the primary key and the signing subkey needs to be of EITHER;" > Or maybe even make a separate point about having a separate signing subkey? -- Best regards, Michał Górny signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] [PATCH v2 03/11] glep-0063: Clarify dedicated signing subkey in minimal reqs
On 07/04/2018 12:54 PM, Michał Górny wrote: > W dniu śro, 04.07.2018 o godzinie 12∶35 +0200, użytkownik Kristian > Fiskerstrand napisał: >> On 07/04/2018 12:23 PM, Michał Górny wrote: >>> -2. Root key and signing subkey of EITHER: >>> +2. Root key and a dedicated signing subkey, both of EITHER: >> >> "dedicated" here might be misread to be gentoo-specific, which doesn't >> really make much sense. > > What alternative do you suggest? We really want to make clear that we > require a separate subkey, and that subkey is not marked for encryption. > "signing subkey" already implies as much though, but maybe write it out more "Both the primary key and the signing subkey needs to be of EITHER;" -- Kristian Fiskerstrand OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] [PATCH v2 03/11] glep-0063: Clarify dedicated signing subkey in minimal reqs
W dniu śro, 04.07.2018 o godzinie 12∶35 +0200, użytkownik Kristian Fiskerstrand napisał: > On 07/04/2018 12:23 PM, Michał Górny wrote: > > -2. Root key and signing subkey of EITHER: > > +2. Root key and a dedicated signing subkey, both of EITHER: > > "dedicated" here might be misread to be gentoo-specific, which doesn't > really make much sense. What alternative do you suggest? We really want to make clear that we require a separate subkey, and that subkey is not marked for encryption. -- Best regards, Michał Górny signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] [PATCH v2 03/11] glep-0063: Clarify dedicated signing subkey in minimal reqs
On 07/04/2018 12:23 PM, Michał Górny wrote: > -2. Root key and signing subkey of EITHER: > +2. Root key and a dedicated signing subkey, both of EITHER: "dedicated" here might be misread to be gentoo-specific, which doesn't really make much sense. -- Kristian Fiskerstrand OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 signature.asc Description: OpenPGP digital signature
