On 12/06/13 03:28, Paul Wise wrote: > On Wed, 2013-06-12 at 03:10 +0200, Carlos Alberto Lopez Perez wrote: > >> Which package contains such oui file? Is there any package shipping >> generic oui files to be shared or is every package shipping just his own >> oui file? > > None yet, all packages that need it ship a copy of it, possibly in a > different form. See these bugs for the current status (not good): > > http://bugs.debian.org/522741 > http://bugs.debian.org/522642 > http://bugs.debian.org/481296 > Interesting. I would keep an eye on this bugs. I think is a great idea to have this file shipped by only one package, ready for others to use. >> I find the usage of an expiration date a bit annoying, because if >> someone don't updates regularly his keyring he can have my key expired >> even if I renewed it, and he could run into trouble to encrypt the mail >> to me. Not everyone is tech savvy. This already has happened with some >> friends. > > Not regularly updating your keyring is a security issue because you will > miss key revocations. Makes sense. I didn't thought about this from that perspective > Having a key expiry is a good way to find people > who are vulnerable to this issue and inform them that they need to > change their practices. With parcimonie and tor installed, they > basically don't need to think about it any more. The OpenPGP best > practices document covers this and several other things: > I didn't know about parcimonie, looks like a must-have tool :) I will look at setting an expire date on my key. Thanks!
Attachment:
signature.asc
Description: OpenPGP digital signature