-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Sun, May 14, 2017 at 10:16:13PM -0500, Andrew David Wong wrote: > On 2017-05-14 21:52, Peter Todd wrote: > > On Sun, May 14, 2017 at 09:45:13PM -0500, Andrew David Wong wrote: > >>>> (2), meanwhile, requires transferring the key to the QMSK's > >>>> environment via: > >>> > >>> > >>> > >>> We're in agreement that's a less-than-wise idea. :) > >>> > >> > >> Great points. Thanks! I think your setup would have been > >> preferable, since I'm pretty sure Marek's key was generated on a > >> different machine (in which case some kind of riskier transfer > >> must have occurred, but perhaps special precautions were taken). > > > > However, if that was done, is it really Marek's key? > > > > I'd want to think carefully about putting my name on such a key if > > I hadn't generated it on my machine. OTOH, Marek doesn't appear to > > have actually signed that key with any other key, so maybe he and I > > agree on this point. :) > > > > I'm not saying that it would have been preferable for *Marek's* key to > have been generated in the QMSK environment. Rather, I'm saying that > it would have been preferable for a Strong Set Signing Key (SSSK) to > have been generated in the QMSK environment and used to get the QMSK > into the Strong Set, as you proposed, *instead of* Marek's key ever > having been signed by the QMSK. (But again, I don't know what special > precautions might have been taken in that case. Maybe it's fine.) > Hi, thanks for the interesting discussion and many good points. This has inspired me to create this ticket: https://github.com/QubesOS/qubes-issues/issues/2818 Let's discuss there. Thanks, joanna. -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJZHu+MAAoJEDOT2L8N3GcYGxkP/A6xPFKnAI8tOao+P7B7wmGl Ua5eaQP3Ps7SJGmlQu+oNkrIcOL5MHPkU1UqjBP+sgRAoBbeXhBuoZ/xXKRTYKdk kjo4TKY9atvUVzV8mymIk7NyTHqhktlRf9GdHKbQ+0equp4/pmmf5fVTEmxZFoVT x8rFxIdxsQDgjtWoKyCndnbDPlNfdzsLBj6/QhrBjlt86zREr4aZ7/D6KRrVUggK 4GuhT6tMMRVXL6LvF7mbw5cz0aLiVLODvhY0YFzUInEXIvp7UGlKpcPjsFJtPlFu RHIXdNiiJHZCr1qgV2IjEpAVK/p+AxqJVu7X7Jt38fjvEcrkVPWvGcyafq59UpZp +DuKGQjFufQoB36F8q0fl8rqfaR0bG9WoNzh6tE23k4T0cZzy1UpCOb7fz1XYWuj csKAxkS1FvljT6v/7D1LoFo7mrPJaOruqZNRn5Yd6nc/OHJAM23r/O2fhFKNPR2O CSpeiqPCwzGcoca+x7ptPv4j0Bp27Gt9WsR/HqcTb2p6PVkKpZw0gC0P85tQ2H2K aPZFwajCDQa4PUY+hNzbMg9UW7gMPYOxL2INd6y1i9dt3K/IRIg8ou8FqMIk4vC3 IhyR8OcRwsXmki43oKVIbHZ6cFCo/MYs8xWjTs+x/bFKWxYlDBqzDePdoddOyuAT FjRmp2HS7bRiXtRPO+Jg =uVuG -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170519131348.GA23784%40work-mutt. For more options, visit https://groups.google.com/d/optout.