Why 2.1 is delayed for so long

Werner Koch wk at gnupg.org
Tue Sep 23 08:27:12 CEST 2014

On Mon, 22 Sep 2014 19:22, infinity0 at pwned.gg said:

> Whilst we're on this topic, I think the master key should be
> certify-only by default, and have two subkeys for signing and
> encryption. This means that someone can later move the master key to
> separate storage, if they learn more about GPG and decide that this is
> suitable for them. If you start off with a master key for
> sign+certify, this is more awkward.

I disagree.  Two subkeys are the exception and are only used by a
minority of people who want to put extra work into setting up their WoT.
We may ask the keyserver admins whether they can figure out the
percentage of keys which have a separate signing key.

In any case, adding a signing subkey is simple and it just works for
everyone as soon as the public key has been uploaded. It is actually
much easier than replacing the encryption subkey (the  you need to keep
the old encryption key online for several months to be able to decrypt
mails from people who didn't refreshed your key yet).



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list