-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/12/14 15:15, Tomo Ruby wrote:
> I really know only of this approach: The more encrypted/signed data I
> spread over the web, the easier it might be for an attacker to calculate
> the secret key.
If this was advice directly relating to OpenPGP: D
On Thu, Dec 11, 2014 at 02:11:22AM +0100, outa wrote:
> Has anyone experienced the same problem and could point me to a solution?
Not necessarily a solution, but a pointer to a discussion which took place:
http://lists.gnupg.org/pipermail/gnupg-devel/2014-August/thread.html#28689
Cheers,
Tobi
Hi.
On Thu, Dec 11, 2014 at 01:49:36PM +0100, Peter Lebbing wrote:
> Probably monkeyscan from monkeysign...
FWIW: A tool with a similar goal is GNOME Keysign:
https://github.com/muelli/geysigning (Note that the repository will move, so
this link will become defunct)
Contrasting caff or monkeysign
> Recommended by whom and against what threat model? And, really, the
> same lifespan for signing keys as for encryption keys?
To be honest I didn't think and search about that too much, but that was not
the point anyways...
> My take on the advice I have most often seen in previous
> discussion
