GnuPG Manual and Digital Signatures
Todd A. Jacobs
nospam@codegnome.org
Mon Sep 24 10:44:02 2001
>From the manual:
Typically, a digital signature has a long lifetime, e.g., forever,
and you also do not want to lose the signatures on your key that you
worked hard to collect. On the other hand, the encryption subkey may
be changed periodically for extra security, since if an encryption
key is broken, the attacker can read all documents encrypted to that
key both in the future and from the past.
>From this, and other sections of the text, it appears to be saying that
there is no security implication in someone cracking the master key
because it is only used to sign, and not to encrypt.
To my way of thinking, though, the fact that someone might be able to
forge my signature is at least as big a problem as allowing them to
intercept messages with a compromised subkey.
Have I misunderstood the manual on this point? Am I wrong in thinking that
a signing key which never expires represents a danger?
--
Work: It's not just a job, it's an indenture.