ietf-openpgp

Re: [openpgp] signing COSE (RFC8152) artifacts with openpgp keys

2020-07-30 16:21:46
Hi, Michael.

My very personal take on this is:

On Thu, Jul 30, 2020 at 02:52:03PM -0400, Michael Richardson wrote:
> Do you think it's appropriate to use the primary key?

I'd assume that any key that's tagged as a signing subkey would be the
appropriate one for this. Generally, primary keys are mainly used for
certification and can be used for signing. I think either a primary key
or a subkey is fine, as long as it is marked for signing.

> Would you consider that a specific purpose subkey would be better?

I think in general that is up to the owner of that particular set of
keys to decide how to split the functions between his primary key and
subkeys.

> It's likely we'd always want to use ECDSA (or EdDSA), so if the primary key
> wasn't ECDSA, then generating a new subkey would be required anyway.

Not sure if this is completely necessary to determine, there are many
algorithms that can fit the bill (say, ed25519 is supported in gnupg
for a little while)...

Cheers!
-Santiago
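
Added example, not part of the original message or the thread: one way to list which keys in a certificate are marked for signing, primary or subkey, and optionally only the ECDSA/EdDSA ones, by reading `gpg --list-keys --with-colons` output. The sample listing and key IDs are constructed, and the validity filter is a simplifying assumption.

```python
# Added example: pick signing-capable keys out of `gpg --with-colons` output.
# Field layout follows GnuPG's colon format: 1=record type, 2=validity,
# 4=public-key algorithm ID, 5=key ID, 12=key capabilities.

ECC_SIGN_ALGOS = {19: "ECDSA", 22: "EdDSA"}  # OpenPGP public-key algorithm IDs
UNUSABLE = set("reid")  # revoked, expired, invalid, disabled (assumed policy)

# Constructed sample, not a real key: RSA primary that may certify and sign,
# an RSA encryption subkey, an EdDSA signing subkey, a revoked ECDSA subkey.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1596000000:::u:::scESC:
uid:u::::1596000000::0000::Example User <user@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1596000000::::::e:
sub:u:255:22:CCCCCCCCCCCCCCCC:1596000000::::::s:::::ed25519:
sub:r:256:19:DDDDDDDDDDDDDDDD:1596000000::::::s:::::nistp256:
"""


def signing_candidates(listing, ecc_only=False):
    """Return (record_type, key_id, algo_id) for each usable signing key."""
    found = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub") or len(fields) < 12:
            continue  # skip uid, fpr and other record types
        validity, algo, key_id, caps = (
            fields[1], int(fields[3]), fields[4], fields[11])
        if validity[:1] in UNUSABLE:
            continue
        # Lowercase letters are this key's own flags; the uppercase letters
        # on a pub record summarise the whole certificate, so ignore them.
        if "s" not in caps:
            continue
        if ecc_only and algo not in ECC_SIGN_ALGOS:
            continue
        found.append((fields[0], key_id, algo))
    return found


if __name__ == "__main__":
    print(signing_candidates(SAMPLE))
    print(signing_candidates(SAMPLE, ecc_only=True))
```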
