| ahasenack_ | hi #security, do you have a good document outlining best practices for gpg keys? Considering subkeys | 17:33 |
|---|---|---|
| ahasenack_ | I know of https://github.com/drduh/YubiKey-Guide which talks a lot about subkeys | 17:33 |
| Montresor | About all I can tell you is "Don't generate a 2048 key and store it in Dropbox" :> | 17:37 |
| ahasenack_ | check | 17:37 |
| * ahasenack_ reads https://wiki.debian.org/Subkeys | 17:37 | |
| Montresor | ed25519 keys sounded interesting, but considering how hard it is to get a key signed...I'd be sticking with mine untilI absolutely can't. I realize of course this doesn't help at all. | 17:38 |
| ahasenack_ | what has ed25519 got to do with being hard to sign? | 17:41 |
| ahasenack_ | or you mean, if you were to change your key, you would have to work hard to get all the signatures again? | 17:42 |
| Montresor | The latter, any new key is a hard no. | 17:43 |
| ahasenack_ | that's the kind of best practice I'm looking for too. It's my vague understanding that with subkeys that is not a problem, you can rotate the subkeys, and you don't lose the signatures which were done on the parent key, or something like that | 17:43 |
| Montresor | Which would be good, yeah. | 17:43 |
| ahasenack_ | Montresor: oh, you are unit193 | 17:44 |
| ahasenack_ | what happened? :) | 17:44 |
| Montresor | It's Halloween, so to Poe we go. | 17:44 |
| ahasenack_ | aha | 17:44 |
| Montresor | (I'll be JackFrost for the winter/Christmas too.) | 17:44 |
| amurray | ahasenack_: we don't have any great documentation around gpg - probably the best is https://wiki.ubuntu.com/SecurityTeam/GPGMigration but that is quite old now | 18:20 |
| ahasenack_ | ok | 18:21 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!