-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
In reply to Jose Simoes's message sent 2006-10-19 08:46:
> any recent text/link/pointer/faq to "how to use" and advantages of
> sub-keys?
>
> any info will be appreciated
Most people use subkeys to enable preservation or disabling of the
master signing key. DSS/Elg and RSAv4 keys are generated this way. There
is a master signing key, and an encryption subkey. The subkey, then, can
be freely revoked and not affect the master signing key. This is desired
especially in cases where you have many web of trust signatures that are
relied upon. There may be a need for a signing subkey. This can be done,
as well. This uncommon arrangement may exist in rare conditions such as
my LAN where Internet destined mail is encrypted on-the-fly as it leaves
the local mail server. I have disabled my master signing key and use a
signing subkey so that passphrase compromise cannot result in an
attacker having ability to issue web of trust signatures. Signatures
issued by my signing subkey therefore assure only that a message was
relayed via my personal mail server. Subkey signatures are issued for
message authentication, not sender authentication in my case (though
many people sharing a keypair may choose to each have a unique signing
subkey to authenticate the sender). Only the person with access to the
master signing key can issue web of trust signatures.
"Additional" subkeys are to be avoided unless you have a need for them.
It is not uncommon to have expiring encryption subkeys. Where multiple
encryption subkeys exist, the most recently generated non-expired subkey
will be used by senders.
- --
List Moderator, PGP Encryption Help Team
Mike Daigle http://www.mikedaigle.ca
My PGP Key Send email with subject=pgpkey-request
Gossamer Spider Web of Trust http://www.gswot.org
-----BEGIN PGP SIGNATURE-----
Comment: GSWoT:CA1 Gossamer Spider Web of Trust www.gswot.org
Comment: Mike Daigle Ontario, Canada www.mikedaigle.ca
-----END PGP SIGNATURE-----
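As an added illustration (not part of Mike's message or any PGP implementation), the following Python model shows the two points made above: a certify-only master key whose secret part is kept offline can still be paired with usable signing and encryption subkeys, and among several encryption subkeys a sender picks the newest one that is neither expired nor revoked. Key IDs, dates and the usage letters (C/S/E, following GnuPG's notation) are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Usage flags follow GnuPG's letters: C = certify (web-of-trust signatures),
# S = sign data, E = encrypt. Key IDs below are constructed placeholders.
NOW = datetime(2006, 10, 19)

@dataclass
class Key:
    keyid: str
    usage: str                      # subset of "CSE"
    created: datetime
    expires: datetime = None
    revoked: bool = False
    secret_available: bool = True   # False: secret part kept offline/disabled

    def valid_at(self, now):
        return not self.revoked and (self.expires is None or now < self.expires)

@dataclass
class Certificate:
    primary: Key
    subkeys: list = field(default_factory=list)

    def usable(self, cap, now, need_secret=False):
        return [k for k in [self.primary] + self.subkeys
                if cap in k.usage and k.valid_at(now)
                and (k.secret_available or not need_secret)]

def select_encryption_subkey(cert, now):
    """Sender-side rule from the post: newest non-expired, non-revoked E subkey."""
    candidates = cert.usable("E", now)
    return max(candidates, key=lambda k: k.created) if candidates else None

def can_sign(cert, now):
    return bool(cert.usable("S", now, need_secret=True))

def can_certify(cert, now):
    """Web-of-trust signatures need the secret part of a C-capable key."""
    return bool(cert.usable("C", now, need_secret=True))

def example_cert():
    """The arrangement described: certify-only master offline, S and E subkeys."""
    d = lambda n: NOW - timedelta(days=n)
    master = Key("MASTER1", "C", d(900), secret_available=False)
    return Certificate(master, [
        Key("SIGN01", "S", d(800)),
        Key("ENC01", "E", d(800), expires=d(30)),              # expired
        Key("ENC02", "E", d(100), revoked=True),               # revoked
        Key("ENC03", "E", d(60), expires=NOW + timedelta(days=300)),
    ])
```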