[linux-elitists] OT: new GPG key
Karsten M. Self
Fri Jun 13 09:26:31 PDT 2003
on Thu, Jun 12, 2003 at 10:43:06AM -0400, Joey Hess (email@example.com) wrote:
> Karsten M. Self wrote:
> > In the past, some (notably Joey Hess) have argued *against* casual use
> > of GPG signatures, partially on the basis that this could create a
> > presumption of security (I lock my house and my car, I'm under little
> > illusion that someone moderately motivated couldn't breach these
> > countermeasures), or possibly lead to known cyphertext or known
> > plaintext attacks (cryptographically unlikely given my understanding of
> > the strengths of PKI). My sense is that for workaday purposes, this is
> > better than nothing, and more importantly, not worse than nothing.
> I dealt with this to my satisfaction by going to a multi-key scheme; all
> my mail is signed with this key, which affords about the same level of
> security your new key does, and my main key is only used for the
> important stuff, like signing software and revoking this key if someone
> steals it.
That's one of the IMO poorly understood points of PKI. While it's
useful to have a well-known key, there's nothing to prevent you from
creating multiple keys for multiple purposes, including (potentially)
single-use (one-time) or single-purpose (one task or one correspondent)
keys. Nor do you have to publish your public key to anyone other than
an intended recipient.
*Convention* is that public keys are well known and a single key is
used, but this is not a requirement.
The subkey concept also helps with this, though I still need to look mor
Karsten M. Self <firstname.lastname@example.org> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
zIWETHEY: Provocative, super smart, and oh yeah, just a little sexy.