
RE: OpenPGP Sub Keys (Was: key flag for authentication)

2003-06-16 06:27:37


> Let me add, and no offence of course, from the fact that you are
> relegating those short-lifetime signing sub keys to a less secure
> environment, I infer that you have no confidence in them, so how
> do you expect others to trust such keys, or signatures generated
> by them for that matter?  You might as well not sign at all.

Less secure = less confidence != no confidence. Here's an example
(fictional, but this is what I would do if I could):

I store my long term primary key on a floppy. When I need the primary key
(to create a new subkey or to sign another key), I do that signing on a
secure stand-alone workstation. When I'm not using that floppy, I store the
key off-site in a safe-deposit box. The less secure subkeys are stored on a
laptop. Now, I believe my laptop is secure, but it's subject to theft. If
it's stolen, I can simply revoke that signing subkey. Now, what happens if
I leave for a lunch break and someone steals my signing subkey? If I notice
it, I can revoke the subkey. By having short-term subkeys, I can limit the
number of legitimate signatures that are invalidated by this. Also, if the
subkey expires in a week or month, the attacker will have to repeat the
subkey theft. This increases their chances of getting caught.

This is no worse than people who keep their primary key on said laptop and
use it for signing. It's quite obviously more secure.

Richard Laager

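The rotation scheme in the post above, as an added example that is not part of the original message: a small Python model of how subkey lifetime bounds the number of signatures thrown away when a stolen signing subkey is revoked. It assumes, as the post's reasoning does, that revoking the stolen subkey as compromised invalidates every signature that subkey ever made; the dates and the one-signature-per-day workload are constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Subkey:
    """A signing subkey, usable from `created` up to (not including) `expires`."""
    created: date
    expires: date

    def usable_on(self, day: date) -> bool:
        return self.created <= day < self.expires

@dataclass(frozen=True)
class Signature:
    made: date
    subkey: Subkey

def issue_subkeys(start: date, end: date, lifetime_days: int) -> list[Subkey]:
    """Back-to-back subkeys of `lifetime_days` each, certified by the offline
    primary key; the last one is clipped to `end`."""
    keys, created = [], start
    while created < end:
        expires = min(created + timedelta(days=lifetime_days), end)
        keys.append(Subkey(created, expires))
        created = expires
    return keys

def sign_daily(subkeys: list[Subkey], start: date, end: date) -> list[Signature]:
    """Constructed workload: one signature per day on the laptop, made with
    whichever subkey is current that day."""
    sigs, day = [], start
    while day < end:
        sigs.append(Signature(day, next(k for k in subkeys if k.usable_on(day))))
        day += timedelta(days=1)
    return sigs

def invalidated_by_theft(subkeys: list[Subkey], sigs: list[Signature],
                         theft_day: date) -> list[Signature]:
    """Assumed rule: the subkey current on `theft_day` is revoked as compromised,
    so every signature it ever made (before or after the theft) is thrown away;
    signatures by the other subkeys are untouched."""
    stolen = next(k for k in subkeys if k.usable_on(theft_day))
    return [s for s in sigs if s.subkey == stolen]

if __name__ == "__main__":
    start, end, theft = date(2003, 1, 1), date(2004, 1, 1), date(2003, 7, 19)
    for lifetime in (7, 30, 365):
        keys = issue_subkeys(start, end, lifetime)
        lost = invalidated_by_theft(keys, sign_daily(keys, start, end), theft)
        print(f"{lifetime:3d}-day subkeys: {len(lost)} signatures invalidated")
```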