ietf-openpgp
[Top] [All Lists]

RE: OpenPGP Sub Keys (Was: key flag for authentication)

2003-06-16 05:35:25

If you are so paranoid, why don't you keep all your PGP keys
in a "more secure offline machine" and use PGP solely on it? 

Because for the vast majority of messages that I send, the increased
security would not be worth the extra effort. Whereas the compromise of
a key used to certify other keys has a much greater effect, and so to
many people it would.

Should you have a need for shorter-lifetime signing keys, 
just generate master keys explicitly for that purpose.

The point of the master key/subkey structure is that you shouldn't have
to do this, with the Web of Trust complications it introduces -- as
Werner said.

If indeed you have such needs, there is nothing to preclude 
from generating two distinct keys, one for signing and the 
other for encryption.

Nor is there anything to preclude me using the existing master
key/subkey structure to do this.

Let me add, and no offence of course, from the fact that you 
are relegating those short-lifetime signing sub keys to a 
less secure environment, I infer that you have no confidence 
in them,

Confidence is not a binary issue. I trust the environment they are used
in less; therefore I would give them a shorter lifetime, so that their
compromise would have a smaller impact.

Ian.