On Wed, 2013-06-12 at 03:10 +0200, Carlos Alberto Lopez Perez wrote: > Which package contains such oui file? Is there any package shipping > generic oui files to be shared or is every package shipping just his own > oui file? None yet, all packages that need it ship a copy of it, possibly in a different form. See these bugs for the current status (not good): http://bugs.debian.org/522741 http://bugs.debian.org/522642 http://bugs.debian.org/481296 > I have AES encrypted revocation certificates already generated that I > store in different places. In case I lost my private key I can just > revoke it. A revocation certificate isn't enough; there are plenty of situations where you want the key to become invalid and you won't be able to access those revocation certificates; most of them involve accidental death or permanent loss of mental faculties. > I find the usage of an expiration date a bit annoying, because if > someone don't updates regularly his keyring he can have my key expired > even if I renewed it, and he could run into trouble to encrypt the mail > to me. Not everyone is tech savvy. This already has happened with some > friends. Not regularly updating your keyring is a security issue because you will miss key revocations. Having a key expiry is a good way to find people who are vulnerable to this issue and inform them that they need to change their practices. With parcimonie and tor installed, they basically don't need to think about it any more. The OpenPGP best practices document covers this and several other things: https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#make-sure-you-are-receiving-regular-key-updates -- bye, pabs http://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part