Re: Update FAQ about revocation certificates?

2018-11-12 Thread Daniel Kahn Gillmor 
fwiw, i agree with Damien that the existing text in the FAQ about
generating a revocation certificate should be removed.

I think that there should be some text like "where can i find my key's
revocation certificate?" which could be added to the FAQ.

However, situations like these:

On Sat 2018-11-10 15:20:41 +, MFPA wrote:
> Not immediately after generating a new GnuPG certificate. But it
> probably still belongs under "some common best practices". A user
> might find they have deleted the auto-generated revocation
> certificate, or the disk where it is stored may have died. Or maybe a
> user is revoking a key and wants to generate a revocation certificate
> that gives a reason for the revocation.

Sound like corner cases to me, and they will clutter the FAQ.  The FAQ
is not designed to answer all possible situations (and certainly not
general file system management questions, etc).  It will be better
(clearer, simpler) if it is targeted on the truly frequently-asked
questions.  For the corner cases, there is the man page, and there is
DETAILS.gz, and there is the mailing list, and there is the source.

I salute Damien's effort to get the FAQ into a more maintainable and
accessible state.

   --dkg


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Update FAQ about revocation certificates?

2018-11-10 Thread MFPA 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi


On Thursday 8 November 2018 at 3:21:58 PM, in
,
Damien Goutte-Gattat via Gnupg-users wrote:-


> And with
> modern GnuPG there
> is no need to recommend to generate a revocation
> certificate.

Not immediately after generating a new GnuPG certificate. But it
probably still belongs under "some common best practices". A user
might find they have deleted the auto-generated revocation
certificate, or the disk where it is stored may have died. Or maybe a
user is revoking a key and wants to generate a revocation certificate
that gives a reason for the revocation.



- --
Best regards

MFPA  

Lack of money is no obstacle. Lack of an idea is an obstacle.
-BEGIN PGP SIGNATURE-

iNUEARYKAH0WIQSWDIYo1ZL/jN6LsL/g4t7h1sju+gUCW+b3WF8UgAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0OTYw
Qzg2MjhENTkyRkY4Q0RFOEJCMEJGRTBFMkRFRTFENkM4RUVGQQAKCRDg4t7h1sju
+sFgAQDH3JRs8fA52oI8TLW1crr5xWbZYH+graflvhRFUHQUagD/flhODM/8g7QI
zjAJeGhfWUzBqQ7PTieAKJU6BgVdWgCJApMEAQEKAH0WIQRSX6konxd5jbM7JygT
DfUWES/A/wUCW+b3WF8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0NTI1RkE5Mjg5RjE3Nzk4REIzM0IyNzI4MTMw
REY1MTYxMTJGQzBGRgAKCRATDfUWES/A/xM2D/4kHmaiTlisAI7fPChpwX+WKe7H
z5CpATuVTwz7c7EFFjYj4kiUg05LrQ6+A6aQD7DA82A5ozYiFiofgHTcrh7R9S/L
P/ukgf9dkAPkhgXaeoUys6rsOrNv2gl4k5FMll0oCqfLlevxz6vDPdQXPDhGykD1
/IXE0egCNbLVQDEJo/umI0zByc98L/i6IWuhwiW42w6ZX05hPkN0VpzcdJVeoWYw
+2gfO/RUA5KTej926OhebCOA2446NoPDlS+G0emy8dbt1LJhLvhaV6ogNiRJ8Lzq
ZTylCf9DCIjHC+qy2UtBHTrEIYc+nSp7oy/jTAHUmndPcUlgEUWfMxqQcGKrViLA
ixRmJPkSKzDeodCYYZ2/eR4UNmRgsmgTBc3CrcnhQHZ7bImqj3/JjlNlw5x7RT7W
UVY4B8EqUmuClZszS2iyDx8b1rapOckjZZprCZ/3dWtYjLARoMZjpazmaZj+T032
QGHLCK+bcNIAjCufMdhUoV6siF7LSrY3VRPnX87l+1J/YyzwZZuPeG2iCaTEnYRf
FqXlOdgCpXZrfWTu6QBQ2dlQSyiiyYS20MfPsBk3Z1VSmg26KN/iIwUQ4HpNt+1H
Bj+9MoHJiEtY5ifD5UEYtkW/FeCsknSFsPg1SUfhfaXgpkoMgASWGtvKL5YLNL8c
oV2aN58Kij3TGylfHw==
=NIuj
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Update FAQ about revocation certificates?

2018-11-09 Thread Stefan Claas 
On Fri, 09 Nov 2018 09:22:13 +0100, Werner Koch wrote:
> On Thu,  8 Nov 2018 18:34, stefan.cl...@posteo.de said:
> 
> > apartment and accidentally threw away the box
> > in which the revocation cert was stored... :-(  
> 
> :-(
> 
> > How would you procede now?  
> 
> Fetch your backup which for you will have stored at a different
> venue .-)

Thanks, i think i have now learned my lesson... ;-)

Regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas


pgpCIQlFIVG9L.pgp
Description: Digitale Signatur von OpenPGP
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Update FAQ about revocation certificates?

2018-11-09 Thread Werner Koch 
On Thu,  8 Nov 2018 18:34, stefan.cl...@posteo.de said:

> apartment and accidentally threw away the box
> in which the revocation cert was stored... :-(

:-(

> How would you procede now?

Fetch your backup which for you will have stored at a different
venue .-)

Call the locksmith to open the lock; sometimes locksmiths are not able
to do that and will use brute force to open the door.  Then you have to
install a new lock.

With a private key you need to do the same - unfortunately, or better,
fortunately, you also need to build an entire new house and not just a
new lock.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgp5JkaU6DkCL.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Update FAQ about revocation certificates?

2018-11-08 Thread Stefan Claas 
On Thu, 8 Nov 2018 15:21:58 +, Damien Goutte-Gattat via Gnupg-users
wrote:
> Hi GnuPG folks,
> 
> The current version of the FAQ recommends creating a revocation
> certificate at several places.
> 
> 
> § 7.17
> 
>   "We recommend you create a revocation certificate immediately
>after generating a new GnuPG certificate."
> 
> 
> § 8.5
> 
>   "What should I do after making my certificate?
>Generate a revocation certificate"
> 
> 
> § 10
> 
>   "What are some common best practices?
>[...] Generate a revocation certificate"

O.k. i have an example, which happened a while
ago to me... [stupid me]

I forgot the passphrase of my key but had a revocation
certificate stored in a save place. I renovated my
apartment and accidentally threw away the box
in which the revocation cert was stored... :-(

How would you procede now?

Regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas


pgpFFUnlAbfMc.pgp
Description: Digitale Signatur von OpenPGP
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users