[linux-elitists] OT: new GPG key

David Shaw dshaw@jabberwocky.com
Thu Jun 12 15:45:40 PDT 2003


On Thu, Jun 12, 2003 at 03:33:31PM -0700, Aaron Lehmann wrote:
> On Thu, Jun 12, 2003 at 01:41:34AM -0400, David Shaw wrote:
> > So given all that, a nice way to handle the multiple machine problem,
> > the portable machine problem, and the online/offline machine problem
> > is to make a key with two subkeys, one for signing and one for
> > encryption.  Keep the primary (signing) key offline, and just use the
> > subkeys for your day to day work.
> 
> Is it better to just use a single pair of subkeys or to create a
> signing subkey for each setting, e.g. one for mobile use and another
> for desktop use?

Personal taste, but keep in mind that the key is only as secure as its
most-insecure usage.  So if your desktop machine is more "secure" than
your mobile machine, and you use the same subkey on both, then your
key is at the security level of your mobile machine.

Define "secure" however you like ;)

David
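
An added example, not part of the original message or of GnuPG: a check for the layout described in the quoted paragraph, run on a day-to-day machine to confirm that only subkeys are usable there and the primary secret key is absent. The function and sample names and the sample listings are constructed; it assumes the colon-format output of GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example (not from the original message): check that a working
# machine holds only subkeys, with the primary secret key kept offline.
# Reads `gpg --list-secret-keys --with-colons` output on stdin.
# Colon fields used: 1 record type, 2 validity (r = revoked, e = expired),
# 5 key ID, 12 capabilities (s = sign, e = encrypt), 15 "#" when the
# secret part is only a stub, i.e. not stored on this machine.
# Any other value in field 15 (including a token serial number) is
# treated as "secret key reachable from this machine".
audit_keyring() {
    awk -F: '
        function finish() {
            if (key == "") return
            if (primary_here) {
                print "FAIL " key ": primary secret key is on this machine"; rc = 1
            } else if (!sign || !enc) {
                print "FAIL " key ": missing usable signing or encryption subkey"; rc = 1
            } else
                print "OK " key ": primary offline, subkeys usable"
        }
        $1 == "sec" { finish(); key = $5; primary_here = ($15 != "#"); sign = enc = 0 }
        $1 == "ssb" && $15 != "#" && $2 !~ /^[re]$/ {
            if ($12 ~ /s/) sign = 1
            if ($12 ~ /e/) enc = 1
        }
        END { finish(); exit rc + 0 }'
}

# Constructed sample listings (key IDs are placeholders, not real keys).
sample_offline_primary() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1055400000:::u:::scESC:::#:::23::0:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1055400000::::::s:::+:::23:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1055400000::::::e:::+:::23:
EOF
}

sample_primary_present() {
    cat <<'EOF'
sec:u:4096:1:DDDDDDDDDDDDDDDD:1055400000:::u:::scESC:::+:::23::0:
ssb:u:2048:1:EEEEEEEEEEEEEEEE:1055400000::::::s:::+:::23:
ssb:u:2048:1:FFFFFFFFFFFFFFFF:1055400000::::::e:::+:::23:
EOF
}

# Real use: gpg --list-secret-keys --with-colons | audit_keyring
```

Run per machine, this shows which subkeys each one can actually use, which is the information needed to decide between one shared pair and a signing subkey per setting.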