[Pkg-gnupg-maint] Bug#752260: suggest parcimonie to slowly refresh the public keyring
ilf
ilf at zeromail.org
Sat Jun 21 19:04:13 UTC 2014
Package: gnupg
Version: 1.4.16-1.1
Please add "parcimonie" to Suggests.
From Riseup Labs OpenPGP Best Practices:
> Make sure you are receiving regular key updates.
> If you do not regularly refresh your public keys, you do not get
> timely expirations or revocations, both of which are very important to
> be aware of!
> If you do a simple ‘gpg —refresh-keys’, you disclose to anyone
> listening, and the keyserver operator, the whole set of keys that you
> are interested in refreshing.
> To avoid this, you can do regular key updates by using parcimonie to
> refresh your keyring. Parcimonie is a daemon that slowly refreshes
> your keyring from a keyserver over Tor. It uses a randomized sleep,
> and fresh tor circuits for each key. The purpose is to make it hard
> for an attacker to correlate the key updates with your keyring.
> Parcimonie is packaged in both debian and ubuntu.
https://we.riseup.net/riseuplabs+paow/openpgp-best-practices
Since parcimonie seems to be the only tool to do this that has a Debian
package, this seems the perfect suggestion.
Thanks, and keep up the good work!
--
ilf
Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
-- Eine Initiative des Bundesamtes für Tastaturbenutzung
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20140621/2216c150/attachment.sig>
More information about the Pkg-gnupg-maint
mailing list