[linux-elitists] OT: new GPG key

Joey Hess joey@kitenet.net
Thu Jun 12 07:43:06 PDT 2003


Karsten M. Self wrote:
> In the past, some (notably Joey Hess) have argued *against* casual use
> of GPG signatures, partially on the basis that this could create a
> presumption of security (I lock my house and my car, I'm under little
> illusion that someone moderately motivated couldn't breech these
> countermeasures), or possibly lead to known cyphertext or known
> plaintext attacks (cryptographically unlikely given my understanding of
> the strengs of PKI).  My sense is that for workaday purposes, this s
> better than nothing, and more importantly, not worse than nothing.

I dealt with this to my satisfaction by going to a multi-key scheme; all
my mail is signed with this key, which affords about the same level of
security your new key does, and my main key is only used for the
important stuff, like signing software and revoking this key if someone
steals it.

-- 
see shy jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20030612/407f7451/attachment.pgp 


More information about the linux-elitists mailing list