On Fri, Aug 11, 2017 at 10:08:16AM -0700, Sean Whitton wrote: > Thank you for the explanation. > > On Fri, Aug 11 2017, Jonathan McDowell wrote: > > > * If you don't want to buy hardware, use an offline master > > key. Create > > a certification only master key using something like PGP Clean Room > > on a non-networked host [...] > > By default, GnuPG creates a signing+certification master key. Could you > explain why it's a good idea to override that? I'm not sure what it > achieves. I see no reason why the master key should ever be used for signatures in such a scenario, so it seems sensible to indicate that it is purely for certification. J. -- /-\ | "Could I have an 'E', please, |@/ Debian GNU/Linux Developer | Bob?" (Blockbusters) \- |
Attachment:
signature.asc
Description: Digital signature