[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CABMQnVLd3VpNntgUEiCYrjCAVt4dAtO2H5C3iAsfEv0kA3URrw@mail.gmail.com>
Date: Mon, 3 Oct 2011 08:02:39 +0900
From: Nobuhiro Iwamatsu <iwamatsu@...auri.org>
To: Greg KH <greg@...ah.com>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
"H. Peter Anvin" <hpa@...or.com>
Subject: Re: kernel.org status: establishing a PGP web of trust
Hi,
2011/10/1 Greg KH <greg@...ah.com>:
> On Fri, Sep 30, 2011 at 04:50:37PM -0700, H. Peter Anvin wrote:
>> 2. Create a new PGP/GPG key, and also generate a key revocation
>> certificate (but don't import it anywhere -- save it for the
>> future) for your new key. In the near future we are considering
>> setting up an escrow service for key revocation certificates.
>>
>> I recommend using a 4096-bit RSA key. Given how fast computers are
>> these days, there is no reason to use a shorter key. DSA keys
>> should be considered obsolete; substantial weaknesses have been
>> found in DSA.
>>
>> $ gpg --gen-key
>> $ gpg -u <key ID> -o <key ID>.revoke --gen-revoke
>
> I would recommend a physical access device for your new gpg key that you
> create. I've heard good things about this USB device:
> http://www.crypto-stick.org/
> and am trying to have a bunch of them at the Kernel Summit this year to
> hand out to people if they want one.
>
> There are also lots of other smart-card form-factor devices that can be
> used to store GPG keys. Some places to purchase these can be found at
> links from the above site.
Maybe you know , there are the following projects, too.
http://www.fsij.org/gnuk/
Nobuhiro
--
Nobuhiro Iwamatsu
iwamatsu at {nigauri.org / debian.org}
GPG ID: 40AD1FA6
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists