Revocation certificate creation

Olav Seyfarth olav at enigmail.net
Tue Feb 26 14:37:49 CET 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Hi Werner,

>> When creating a key using Enigmail, it asks the user to save a rev cert. 
>> CLI should do the same.
> 
> You mean printing a hint to create a recovation certificate would be 
> enough?

well, first it's just my opinion. Second, I'd vote for a hint _at least_.
I'd prefer a question to the user whether he/she wants to create one.
Same applies for the key backup itself!

Even with question, there should be one sentence explaining why the user
should care about it, like

  If your private key is lost or broken or gets compromised, you might
  want to mark your public key invalid if you (or someone) put it on a
  public key server. You can do so using a revocation certificate.
  Would you like to create a revocation certificate now?

  (if yes, ask for typical "causes", maybe even multiple, IMHO no expert
  freetext "cause" - those that do know this also know how to use args.)

  [Farewell message prior to exiting] Mind to store a copy of your private
  and public key <if rev cert was created>and the revocation certificate(s)
  </if> on a reliable offline media and save that in a place only you have
  access to.

Well, that's a lot to read, maybe there's a shorter way to tell but it
should be readable by the average user. Again: my personal preference.

Olav
- -- 
The Enigmail Project - OpenPGP Email Security For Mozilla Applications

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (MingW32)
Comment: Dies ist eine elektronische Signatur - http://www.enigmail.net/

iQGcBAEBAwAGBQJRLLqmAAoJEKGX32tq4e9W0mIL/2oe7xQr+i7APk66K/gu6bI/
KK5nty4M7rnuTJ3FFSgnlf/4bSNJ/5omZrN0s1iI3lczijtjEh7AYyMIzCE6BcvZ
HcMtEqXkvoU7cPM+REXnGf9NaH2GOdhsHdI+1LPqSuSlEVXzj/kzcm1QwdhdpFnH
OcZROGB//TCWPMUpK0684X1w5XXDZJBOQ6YpYK3R/3IwhFoI54CSBKpGEwrskvVq
sJ1xIfggc9LYXnKUe2cMbdWNl2ovKcQmqixMviF4T+bvOeoBPX031VTIARVmMy1W
TkxT1FavS1bZdEzGYx73DwdI1Je+7n/UqwCpu3/0FuCUhxMKdDPB8Xw4GG6JwgWt
5gds5d6lGiZLMdu+fposLm9FQQPvy1UT8lONe2XVml7/Jag2o5pV08sv7abdIyi3
o0VzMWaDqIwVrSvW/gWcJVcH8kbLr3KWYZDQ5GEn8/FXIEUR5sWxhbUqe+jk10Gz
YEzqGMlwFlui6RGrFp7tByp148AnWeiZRNrgoJOFBQ==
=PtDr
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list