-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2017-05-14 21:52, Peter Todd wrote: > On Sun, May 14, 2017 at 09:45:13PM -0500, Andrew David Wong wrote: >>>> (2), meanwhile, requires transferring the key to the QMSK's >>>> environment via: >>> >>> <snip> >>> >>> We're in agreement that's a less-than-wise idea. :) >>> >> >> Great points. Thanks! I think your setup would have been >> preferable, since I'm pretty sure Marek's key was generated on a >> different machine (in which case some kind of riskier transfer >> must have occurred, but perhaps special precautions were taken). > > However, if that was done, is it really Marek's key? > > I'd want to think carefully about putting my name on such a key if > I hadn't generated it on my machine. OTOH, Marek doesn't appear to > have actually signed that key with any other key, so maybe he and I > agree on this point. :) >
I'm not saying that it would have been preferable for *Marek's* key to have been generated in the QMSK environment. Rather, I'm saying that it would have been preferable for a Strong Set Signing Key (SSSK) to have been generated in the QMSK environment and used to get the QMSK into the Strong Set, as you proposed, *instead of* Marek's key ever having been signed by the QMSK. (But again, I don't know what special precautions might have been taken in that case. Maybe it's fine.) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJZGR17AAoJENtN07w5UDAwWFIQAKdiVVMR8634Db01+KcZLuGv xUeyf6yU25vGpLKdgRA2VirU0in/X/6pPsQmw5CxUgS8ANTiaC1kb+iimjhlDVfG BizlzioybHLx+VMl6mftw/dSVGjiUnZsgaP75wJYtF/05uxOzV1KrFpiaKVc0HSg 4Ay3ZcrJCAGMHlK1m9WM1GMvybG2Os5B++xxMj7vnkFqX58zThrinRrGG+w3xnMh rzh271rekRDq2kg4KYgUJwrtpFyQT6RZkT0T0tPCosoFIUuPpkq3+0FaWRlLgd15 Ev/8la88IfQSjaCb8Qpgpt8hN6SMkB0rwVHAuH4EJwksc/ZWTh5uyCwBVRrKHpze r6Ie2jIIDTVHxXXrUf63vXYJ8nHhb2jSTSLSkPT+V1l47Hb2a+hroZfoNxI+TrtI F7sJUxYweySWrOYYvedo1T6coMOTdSt/qzHsRiOhKDPgX4HrDD2T3EN04k0NsdL4 59ROe3jZGGc50hzi55hhpt4KJBladoQ8ZUwMSSKXCV1UL3RBnC6LKKoZ5wtaBIx6 fgSOGDbSHqdZW347sX7BlZnX596lV5QT19EnjmbmPPacxNXT1hLpa/A7sObJtCF0 W+eefrbpiLjRIrwIv9Dn8eKcErsjm/+Z6yh1GpBT8mXuQyBQsQpa8Wi/1hRDhykx 1SqJU4PlCej9nNBeu1YV =y59E -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/246bf6a5-893c-7798-9826-6055b195c326%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.