[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    Re: [qubes-devel] Re: GitLab
From:       Andrew David Wong <adw () qubes-os ! org>
Date:       2017-05-15 3:16:13
Message-ID: 246bf6a5-893c-7798-9826-6055b195c326 () qubes-os ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2017-05-14 21:52, Peter Todd wrote:
> On Sun, May 14, 2017 at 09:45:13PM -0500, Andrew David Wong wrote:
> > > > (2), meanwhile, requires transferring the key to the QMSK's
> > > > environment via:
> > > 
> > > <snip>
> > > 
> > > We're in agreement that's a less-than-wise idea. :)
> > > 
> > 
> > Great points. Thanks! I think your setup would have been
> > preferable, since I'm pretty sure Marek's key was generated on a
> > different machine (in which case some kind of riskier transfer
> > must have occurred, but perhaps special precautions were taken).
> 
> However, if that was done, is it really Marek's key?
> 
> I'd want to think carefully about putting my name on such a key if
> I hadn't generated it on my machine. OTOH, Marek doesn't appear to
> have actually signed that key with any other key, so maybe he and I
> agree on this point. :)
> 

I'm not saying that it would have been preferable for *Marek's* key to
have been generated in the QMSK environment. Rather, I'm saying that
it would have been preferable for a Strong Set Signing Key (SSSK) to
have been generated in the QMSK environment and used to get the QMSK
into the Strong Set, as you proposed, *instead of* Marek's key ever
having been signed by the QMSK. (But again, I don't know what special
precautions might have been taken in that case. Maybe it's fine.)

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJZGR17AAoJENtN07w5UDAwWFIQAKdiVVMR8634Db01+KcZLuGv
xUeyf6yU25vGpLKdgRA2VirU0in/X/6pPsQmw5CxUgS8ANTiaC1kb+iimjhlDVfG
BizlzioybHLx+VMl6mftw/dSVGjiUnZsgaP75wJYtF/05uxOzV1KrFpiaKVc0HSg
4Ay3ZcrJCAGMHlK1m9WM1GMvybG2Os5B++xxMj7vnkFqX58zThrinRrGG+w3xnMh
rzh271rekRDq2kg4KYgUJwrtpFyQT6RZkT0T0tPCosoFIUuPpkq3+0FaWRlLgd15
Ev/8la88IfQSjaCb8Qpgpt8hN6SMkB0rwVHAuH4EJwksc/ZWTh5uyCwBVRrKHpze
r6Ie2jIIDTVHxXXrUf63vXYJ8nHhb2jSTSLSkPT+V1l47Hb2a+hroZfoNxI+TrtI
F7sJUxYweySWrOYYvedo1T6coMOTdSt/qzHsRiOhKDPgX4HrDD2T3EN04k0NsdL4
59ROe3jZGGc50hzi55hhpt4KJBladoQ8ZUwMSSKXCV1UL3RBnC6LKKoZ5wtaBIx6
fgSOGDbSHqdZW347sX7BlZnX596lV5QT19EnjmbmPPacxNXT1hLpa/A7sObJtCF0
W+eefrbpiLjRIrwIv9Dn8eKcErsjm/+Z6yh1GpBT8mXuQyBQsQpa8Wi/1hRDhykx
1SqJU4PlCej9nNBeu1YV
=y59E
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/246bf6a5-893c-7798-9826-6055b195c326%40qubes-os.org.
 For more options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]