ietf-openpgp

Re: V5 key packet format requirements

2006-02-03 06:05:14

Adam Back wrote:
> On Fri, Feb 03, 2006 at 11:53:33AM +0000, Ben Laurie wrote:
>
>>> 2. Scrap encrypted private keys. We already have a symmetrically
>>> encrypted container format with sufficient integrity protection, so
>>> there is no reason to maintain another one. Just put the
>>> unencrypted private key packet into that container, if you need
>>> encryption. This will reduce the number of things to worry about
>>> and make the security of OpenPGP easier to assess and maintain.
>> Yes, please!
>
> What if you want different password on different keys?
>
> (Think eg long term signing key vs short term signing key -- no point
> having separate signing keys unless have possibility to use different
> password.)

Eh? You can have 1 symmetric encrypted packet per key, they don't have
to share one.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff