[linux-elitists] OT: new GPG key

David Shaw dshaw@jabberwocky.com
Mon Jun 16 09:23:12 PDT 2003


On Fri, Jun 13, 2003 at 05:26:31PM +0100, Karsten M. Self wrote:
> on Thu, Jun 12, 2003 at 10:43:06AM -0400, Joey Hess (joey@kitenet.net) wrote:
> > Karsten M. Self wrote:
> > > In the past, some (notably Joey Hess) have argued *against* casual use
> > > of GPG signatures, partially on the basis that this could create a
> > > presumption of security (I lock my house and my car, I'm under little
> > > illusion that someone moderately motivated couldn't breach these
> > > countermeasures), or possibly lead to known cyphertext or known
> > > plaintext attacks (cryptographically unlikely given my understanding of
> > > the strengths of PKI).  My sense is that for workaday purposes, this is
> > > better than nothing, and more importantly, not worse than nothing.
> > 
> > I dealt with this to my satisfaction by going to a multi-key scheme; all
> > my mail is signed with this key, which affords about the same level of
> > security your new key does, and my main key is only used for the
> > important stuff, like signing software and revoking this key if someone
> > steals it.
> 
> That's one of the IMO poorly understood points of PKI.  While it's
> useful to have a well-known key, there's nothing to prevent you from
> creating multiple keys for multiple purposes, including (potentially)
> single-use (one-time) or single-purpose (one task or one correspondent)
> keys.  Nor do you have to publish your public key to anyone other than
> an intended recipient.

Yes.  Note that the same thing applies to subkeys as well.  There is
no reason you can't generate a subkey for a given correspondent, etc.
There are of course advantages and disadvantages, but it's one more
tool in the toolbox.

David