From 1a1d0e95b8da5e67fb76589eecf72aa7592d7dd7 Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Tue, 4 Apr 2017 12:48:13 -0400
Subject: move TODO to doc/todo, expand a few items

---
 ...move_gpg_key_passphrase_from_backed_up_gpg_keys.mdwn | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 doc/todo/remove_gpg_key_passphrase_from_backed_up_gpg_keys.mdwn

(limited to 'doc/todo/remove_gpg_key_passphrase_from_backed_up_gpg_keys.mdwn')

diff --git a/doc/todo/remove_gpg_key_passphrase_from_backed_up_gpg_keys.mdwn b/doc/todo/remove_gpg_key_passphrase_from_backed_up_gpg_keys.mdwn
new file mode 100644
index 0000000..5a370be
--- /dev/null
+++ b/doc/todo/remove_gpg_key_passphrase_from_backed_up_gpg_keys.mdwn
@@ -0,0 +1,17 @@
+Remove gpg key passohrase from gpg keys that keysafe backs up.
+
+The reason for this is that the user may well forget their gpg key
+passphrase, and it's *weird* to restore a key with keysafe's password
+and then have it passphrase protected.
+
+The gpg key passphrase is intended only to keep a key from being used
+for a short period of time (a week or so) when the device holding it
+is known to have been compromised, so the key can be revoked.
+This doesn't really apply to keys backed up with keysafe -- if they get
+compromised somehow, the user won't know, and cracking the gpg passphrase
+should be almost trivial to an attacker who was able to break keysafe's
+password.
+
+paperkey can remove gpg key passphrases. Is there any better way?
+It might make sense for keysafe to prompt for a new gpg passphrase
+when restoring.
-- 
cgit v1.2.3