Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

W dniu pią, 06.07.2018 o godzinie 16∶21 +0200, użytkownik Marc Schiffbauer napisał: > * Kristian Fiskerstrand schrieb am 06.07.18 um 13:00 Uhr: > > On 07/05/2018 05:37 PM, Marc Schiffbauer wrote: > > > I have my primary key offline only, so renewing/editing it is a much > > > more time consuming m

Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

* Kristian Fiskerstrand schrieb am 06.07.18 um 13:00 Uhr: > On 07/05/2018 05:37 PM, Marc Schiffbauer wrote: > > I have my primary key offline only, so renewing/editing it is a much > > more time consuming matter than if I had my primary key always with me > > which I consider a bad idea because y

Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

On 06-07-2018 13:34:21 +0200, Ulrich Mueller wrote: > - Make creation of a revocation certificate (and storing it in a place > separate from the key) mandatory. What does this really achieve? Or require? Am I supposed to buy or hire a vault now? -- I'm assuming the word "safe" is missing fro

Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

On 07/06/2018 01:34 PM, Ulrich Mueller wrote: > Note that the revocation certificate is still listed under > recommendations only, so devs need not create one. Making this a > requirement would be a real improvement, IMHO. From a Gentoo perspective, we can "revoke" it by deleting it from LDAP and

Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

W dniu pią, 06.07.2018 o godzinie 13∶34 +0200, użytkownik Ulrich Mueller napisał: > > > > > > On Fri, 6 Jul 2018, Marc Schiffbauer wrote: > > * Michał Górny schrieb am 06.07.18 um 11:33 Uhr: > > > If you don't see it for 5 years, how can you be sure that it is > > > even still there? > > Are you se

Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

> On Fri, 6 Jul 2018, Marc Schiffbauer wrote: > * Michał Górny schrieb am 06.07.18 um 11:33 Uhr: >> If you don't see it for 5 years, how can you be sure that it is >> even still there? > Are you serious? Who tells you that I do not check from time to > time? > I am sure there will always be

Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

On 07/05/2018 05:37 PM, Marc Schiffbauer wrote: > I have my primary key offline only, so renewing/editing it is a much > more time consuming matter than if I had my primary key always with me > which I consider a bad idea because you do not need to. But is it sufficiently time-consuming / diffic

Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

* Michał Górny schrieb am 06.07.18 um 11:33 Uhr: > W dniu pią, 06.07.2018 o godzinie 11∶08 +0200, użytkownik Marc > Schiffbauer napisał: > > * Michał Górny schrieb am 05.07.18 um 20:25 Uhr: > > > W dniu czw, 05.07.2018 o godzinie 17∶37 +0200, użytkownik Marc > > > Schiffbauer napisał: > > > > +1 fo

Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

W dniu pią, 06.07.2018 o godzinie 11∶08 +0200, użytkownik Marc Schiffbauer napisał: > * Michał Górny schrieb am 05.07.18 um 20:25 Uhr: > > W dniu czw, 05.07.2018 o godzinie 17∶37 +0200, użytkownik Marc > > Schiffbauer napisał: > > > +1 for 5 years or at least 3. > > > > > > Having to renew/edit th

Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

* Michał Górny schrieb am 05.07.18 um 20:25 Uhr: > W dniu czw, 05.07.2018 o godzinie 17∶37 +0200, użytkownik Marc > Schiffbauer napisał: > > +1 for 5 years or at least 3. > > > > Having to renew/edit the key each year seems crazy to me. > > > > I have my primary key offline only, so renewing/edit

Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

On Thu, Jul 5, 2018, at 08:36 CDT, Michał Górny wrote: > I don't really know the original rationale for this. > > The NIST standard says 1-3 years. If I were to guess, I'd say 1 year > was chosen for subkey because subkey expiring is a 'smaller' issue than > the whole key expiring, i.e. other

Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

W dniu czw, 05.07.2018 o godzinie 13∶24 -0500, użytkownik William Hubbs napisał: > On Thu, Jul 05, 2018 at 03:36:09PM +0200, Michał Górny wrote: > > W dniu śro, 04.07.2018 o godzinie 18∶48 -0400, użytkownik Joshua Kinard > > napisał: > > > On 7/4/2018 5:24 PM, Michał Górny wrote: > > > > W dniu śro

Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

W dniu czw, 05.07.2018 o godzinie 17∶37 +0200, użytkownik Marc Schiffbauer napisał: > * Matthias Maier schrieb am 05.07.18 um 15:51 Uhr: > > > > On Thu, Jul 5, 2018, at 08:36 CDT, Michał Górny wrote: > > > > > That said, I'm open to using a different recommendation, e.g. 2 years > > > as in ris

Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

On Thu, Jul 05, 2018 at 03:36:09PM +0200, Michał Górny wrote: > W dniu śro, 04.07.2018 o godzinie 18∶48 -0400, użytkownik Joshua Kinard > napisał: > > On 7/4/2018 5:24 PM, Michał Górny wrote: > > > W dniu śro, 04.07.2018 o godzinie 23∶05 +0200, użytkownik Ulrich Mueller > > > napisał: > > > > > > >

Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

* Matthias Maier schrieb am 05.07.18 um 15:51 Uhr: > > On Thu, Jul 5, 2018, at 08:36 CDT, Michał Górny wrote: > > > That said, I'm open to using a different recommendation, e.g. 2 years > > as in riseup [1]. I suppose having the same time for both primary key > > and subkeys would make the spe

Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

On Thu, Jul 5, 2018, at 08:36 CDT, Michał Górny wrote: > That said, I'm open to using a different recommendation, e.g. 2 years > as in riseup [1]. I suppose having the same time for both primary key > and subkeys would make the spec simpler, and many developers are > mistaking expiration times

Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

W dniu śro, 04.07.2018 o godzinie 18∶48 -0400, użytkownik Joshua Kinard napisał: > On 7/4/2018 5:24 PM, Michał Górny wrote: > > W dniu śro, 04.07.2018 o godzinie 23∶05 +0200, użytkownik Ulrich Mueller > > napisał: > > > > > > > > On Wed, 4 Jul 2018, Michał Górny wrote: > > > > > > > > -3. Key expi

Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

On 7/4/2018 5:24 PM, Michał Górny wrote: > W dniu śro, 04.07.2018 o godzinie 23∶05 +0200, użytkownik Ulrich Mueller > napisał: >>> On Wed, 4 Jul 2018, Michał Górny wrote: >>> -3. Key expiry: 5 years maximum >>> +3. Key expiration: >>> + >>> + a. Primary key: 3 years maximum >>> + >>> + b. G

Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

W dniu śro, 04.07.2018 o godzinie 23∶05 +0200, użytkownik Ulrich Mueller napisał: > > > > > > On Wed, 4 Jul 2018, Michał Górny wrote: > > -3. Key expiry: 5 years maximum > > +3. Key expiration: > > + > > + a. Primary key: 3 years maximum > > + > > + b. Gentoo subkey: 1 year maximum > > What pr

Re: [gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

> On Wed, 4 Jul 2018, Michał Górny wrote: > -3. Key expiry: 5 years maximum > +3. Key expiration: > + > + a. Primary key: 3 years maximum > + > + b. Gentoo subkey: 1 year maximum What problem are you trying to solve here? Ulrich pgpfeO7ifif_W.pgp Description: PGP signature

[gentoo-dev] [PATCH v2 09/11] glep-0063: Make recommended expiration terms mandatory

Given that the key expiration can be updated in place, there is no reason to provide separate 'minimal' and 'recommended' values. --- glep-0063.rst | 19 ++- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/glep-0063.rst b/glep-0063.rst index e81c862..7455674 100644 -