Didrik Nordström [2017-02-14 19:02:08-08] wrote: > How do you handle key management? Let's say you just want to send a > signed and encrypted email once to someone who announced their pubkey > over https? What type of trust would you assign?
I don't personally know anybody who uses gpg. Even if I will meet someone it's unlikely that signing keys will make me part of any web. So web of trust is useless for me. That makes things very simple, in a way. I use "trust-model direct" and do some checking in web pages or check consistent use of signatures. If the key seems ok I'll "--edit-key", type "trust" and assign marginal or full trust for that key. That's it. And because I have no use for other people's signatures I also have "keyserver-options import-clean" so my keyring remains small. When Debian 9 is released, with GnuPG 2.1, I'll try "trust-model tofu+pgp" (trust on first use plus web of trust). It seems useful too. -- /// Teemu Likonen - .-.. <https://keybase.io/tlikonen> // // PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users