diff options
author | Michał Górny <mgorny@gentoo.org> | 2018-07-04 13:31:15 +0200 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2018-07-29 22:07:25 +0200 |
commit | 796f258aac7e71263f62ba83535f6811a07fe51a (patch) | |
tree | bf2b714df62213de596c7bcbf590ee8d39a18132 /glep-0063.rst | |
parent | glep-0063: Root key → primary key (diff) | |
download | glep-796f258aac7e71263f62ba83535f6811a07fe51a.tar.gz glep-796f258aac7e71263f62ba83535f6811a07fe51a.tar.bz2 glep-796f258aac7e71263f62ba83535f6811a07fe51a.zip |
glep-0063: Split out the signing subkey into a separate point
Reword the specification to express the requirement for separate signing
subkey more verbosely. Replace the ambiguous term 'dedicated' with
clear explanation that it needs to be different from the primary key
and not used for other purposes.
Suggested-by: Kristian Fiskerstrand <k_f@gentoo.org>
Diffstat (limited to 'glep-0063.rst')
-rw-r--r-- | glep-0063.rst | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/glep-0063.rst b/glep-0063.rst index 8542031..14541d7 100644 --- a/glep-0063.rst +++ b/glep-0063.rst @@ -46,15 +46,18 @@ Bare minimum requirements personal-digest-preferences SHA256 -2. Primary key and signing subkey of EITHER: +2. Signing subkey that is different from the primary key, and does not + have any other capabilities enabled + +3. Primary key and the signing subkey are both of type EITHER: a. DSA, 2048-bit b. RSA, >=2048 bits (OpenPGP v4 key format or later only) -3. Key expiry: 5 years maximum +4. Key expiry: 5 years maximum -4. Upload your key to the SKS keyserver rotation before usage! +5. Upload your key to the SKS keyserver rotation before usage! Recommendations --------------- @@ -106,7 +109,7 @@ Recommendations This may require creating an entirely new key. -3. Dedicated signing subkey of EITHER: +3. The signing subkey of EITHER: a. DSA 2048 bits exactly. |