implications of subkeys?

Frank Tobin ftobin@neverending.org
Tue Feb 26 21:02:01 2002


Douglas Calvert, at 14:55 -0500 on 2002-02-26, wrote:

>  I have gotten quite confused about subkeys. If I already have a key
> that I am using and I generate a new subkey does it inherit my
> signatures? When is it a good idea for subkeys? If there are two subkeys
> how does a recipient know which one to encrypt to? And on and on, I am
> lost...

subkeys do not 'inherit' signatures; they are signed, and as such become
attached to your public key.

At any one time, you should preferably have one valid subkey.  The idea is
that if need be, you can revoke a subkey because it has been compromised
(possibly law enforcement requires you to decrypt messages), without
revoking the primary key.  This allows you to stay keep your web of trust,
and you simply create a new subkey.

-- 
Frank Tobin		http://www.neverending.org/~ftobin/