[Enigmail] and for my first mistake...

Faramir faramir.cl at gmail.com
Mon Jun 30 09:13:45 PDT 2008

Hash: SHA256

Taum Hanlon escribió:
> I first generated a key using RSA 4096 and then read that I should use 
> the default DSA/ElGamal ... so I got rid of it and generated the type 
> recommended in the FAQ.

  There is no problem using RSA keys, however, 4096 may be a bit too
much... most people seem to think 2048 is good enough (in fact, some
think 1024 is good enough). But it is your decision, these are standard
keys, so all of them are valid (as far as I know).

> ...and I published it to pool.sks-keyservers.net

  Good, that seems to be the most reliable servers... or that is what I
understood reading this list (and GnuPG list)

> I have a question regarding setting owner trust and signing.
> If you trust somebody and sign their key, the manual says it is good 
> etiquette to send them the new signed key and allow them to upload to a 
> key server.
> Does this mean that everytime your key is signed you need to upload it 
> to a key server to have that signture?

  Ehh... there are 2 ways to sing a key, local (non exportable) and
"normal" (I don't know the name for that one). With local option, you
sign the key to be able to send encrypted messages to that recipient,
but you don't let other people know you trust that recipient. With the
other option, you let people to see your signature... but for that, they
need to access the key signed by you. If the key is hosted in a key
server, like pool.sks-keyservers.net, you can export the public keys to
that servers, and that way you will make yous sign to appear in the
public key of your recipient. But if his/her public key is hosted only
in a web site, then you would need to send him/her the signed key, in
order he/she can update the hosted key file.

  Another option is to have the key in a web site _and_ in a
keyserver... that way, people can download it from the website (and they
can be more secure about that is the right key), and they can sign it,
and export it to the keyserver. The key owner can retrieve his own
public key form the keyserver, from time to time, (that way he/she would
get the version with most signatures), and use it to update the
webhosted keyfile. Or people can check the signatures from keyservers,
and they would update the signatures in the key...

> Also, can a key be signed by multiple people before it is uploaded to a 
> key server?  (I'm wondering how 'key parties' work)

  For what I have read here, it is suggested to go to the 'key party'
carrying a lot of pieces of paper with your key ID printed on it, and
your ID card (you will need it to prove you really are you). Then,
people see your ID card, see your face, compare them, and if they are
convinced you are you, they take one of those pieces of papers and brind
it home. Once at home, they take the papers, and begin to download and
sign these keys, after that, they upload them to the keyserver, and that
is all.

  Probably, other users will correct any mistake I may have done here...
 I am one of the less experienced people here, so don't trust too much
what I say...

Best Regards
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the Enigmail mailing list