[linux-elitists] OT: new GPG key

Karsten M. Self kmself@ix.netcom.com
Fri Jun 13 09:26:31 PDT 2003


on Thu, Jun 12, 2003 at 10:43:06AM -0400, Joey Hess (joey@kitenet.net) wrote:
> Karsten M. Self wrote:
> > In the past, some (notably Joey Hess) have argued *against* casual use
> > of GPG signatures, partially on the basis that this could create a
> > presumption of security (I lock my house and my car, I'm under little
> > illusion that someone moderately motivated couldn't breach these
> > countermeasures), or possibly lead to known cyphertext or known
> > plaintext attacks (cryptographically unlikely given my understanding of
> > the strengths of PKI).  My sense is that for workaday purposes, this is
> > better than nothing, and more importantly, not worse than nothing.
> 
> I dealt with this to my satisfaction by going to a multi-key scheme; all
> my mail is signed with this key, which affords about the same level of
> security your new key does, and my main key is only used for the
> important stuff, like signing software and revoking this key if someone
> steals it.

That's one of the IMO poorly understood points of PKI.  While it's
useful to have a well-known key, there's nothing to prevent you from
creating multiple keys for multiple purposes, including (potentially)
single-use (one-time) or single-purpose (one task or one correspondent)
keys.  Nor do you have to publish your public key to anyone other than
an intended recipient.

*Convention* is that public keys are well known and a single key is
used, but this is not a requirement.

The subkey concept also helps with this, though I still need to look more
into it.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   zIWETHEY: Provocative, super smart, and oh yeah, just a little sexy.
     http://z.iwethey.org/forums/