On Wed, 2018-08-22 at 10:01 -0400, Rich Freeman wrote:
> On Wed, Aug 22, 2018 at 9:55 AM Michał Górny wrote:
> >
> > On Wed, 2018-08-22 at 09:52 -0400, Rich Freeman wrote:
> > > On Wed, Aug 22, 2018 at 9:48 AM Kristian Fiskerstrand wrote:
> > > >
> > > > On 08/22/2018 03:37 PM, Michał Górny wrote:
> > > > > This is one attack vector that -- AFAIU -- hardware tokens protect
> > > > > against.
> > > >
> > > > Right, although it only shifts the attack, so user would just wait until
> > > > the token is available to perform whatever wanted anyways. In terms of
> > > > after the attack, the difference is we don't really use OpenPGP as a
> > > > long term identity such as it is in general. For a user, losing WoT etc
> > > > can have an impact, for Gentoo we just update LDAP and access is
> > > > effectively revoked without further issues, we don't need the key
> > > > material to survive this attack to be used after the fact again, which
> > > > is really what the hardware token helps for.
> > > >
> > >
> > > This is why I don't get all the worrying about subkeys and expiration
> > > and such. A key is valid if it is in LDAP, and invalid otherwise.
> > > Anything else is unnecessary complication at best, and a distraction.
> > >
> >
> > I presume you're verifying my mail signatures against developer data
> > in LDAP. Please let me know once all mail clients distributed in Gentoo
> > do that.
>
> I don't verify email signatures at all. Please let me know when gmail
> supports this. :)
>
> But, if I cared about the integrity of emails I'd be a lot more
> interested in whether the key used to sign the email is listed in LDAP
> than whether it has a valid expiry date. Anybody with the primary key
> can change the expiry date, so an expiry date on a primary key is
> meaningless.
>

This only proves that you don't understand the purpose of expiration
dates at all and only makes assumptions that have nothing to do either
with reality or with the topic of this thread.

-- 
Best regards,
Michał Górny