Re: [openpgp] details of 4880bis work

On Tue, 2015-04-21 at 02:34 +1000, Ben McGinnes wrote: 
> > I don't agree at all.
> > Actually we should make it finally usable that a person has only one
> > primary (and certifying/certified) key,... and many subkeys which are
> > usable for different use cases, which is right now practically
> > impossible.
> Hmm ... if you think I'm taking the master/cert key for any of my
> personal keys and leaving it on hardware controlled by an employer
> then you'll be waiting a long time.
Actually the opposite:
You should be able to place your *secondary* key(s) onto your employer's
hardware.. but for that to be practically usable, we need some kind of
"UID or role attributes" or anything that like which can be connected
with certain subkeys.


> This bit is true and certainly the functionality of the first part
> would be useful, but you can be sure that some people will still
> separate keys to some extent.
Sure... but that's a completely unrelated thing.

> It's not that I didn't trust a company and thought it might screw me
> over one day, it's just that ... oh, wait, that was exactly it.
Sure... but that's one of the reason why it might make sense to have
e.g. different key flags depending on the combination of UID *and*
subkey (of course right now, there is no connection between UID/subkey,
at least not in the sense mentioned above).

Cheers,
Chris.-

smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp