Jesse Keating wrote:
> I've heard that a good strategy if you're going to generate a
> non-expiring key is to generate the revocation key at the same time,
> and replicate that in even more places, so in the event that you
> lose your private key you can revoke it instead of waiting for it to
> expire.
I'd say that generating a revocation cert is always the first thing to
do after creating a new key, whether it expires or not. You always
want to be able to revoke a key if you get into a pinch for whatever
reason.
Just peruse the archives of the pgp and gnupg lists and notice how
often someone shows up with the "I uploaded a key to the keyserver and
now I've lost the key because {my hard drive died,my dog ate it,etc},
so how do I delete the key from the keyservers?" problem. :)
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tact is just a mutual agreement to be full of shit.
-- Spider Robinson
Attachment:
pgpG5HmdeAx0a.pgp
Description: PGP signature
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
