implications of subkeys?

Steve Butler
Fri Mar 1 18:10:01 2002

Hmm.  This whole thread started because of somebody's desire to secure
home communication versus their work site communication.  It really has
been a learning experience.  Your and David's helpful comments throughout
the process have shed a lot of light.  So, if I have read everything
correctly, it sounds like the general consensus is:
*  Have one signing only key pair -- the master set (most likely DSA of
appropriate strength for long term usage).
*  Have one encryption sub-key (until most keyservers understand and
correctly handle multiple sub-keys) that is changed every so often.
*  Expose only the session-level key if possible when given a court order
(with appropriate legal counsel).
*  If must expose the encryption sub-key, then generate a new pair for
future use (and change it more often) and revoke the prior sub-key pair.

I guess this still doesn't answer the one individual's concern about wanting
to have business and personal encryption different in case a court order
forced exposure of one or the other key.  Sounds like we need to wait for
updates to the keyservers.

-----Original Message-----
From: Janusz A. Urbanowicz []
Sent: Friday, March 01, 2002 8:12 AM
To: Steve Butler
Cc: 'David Shaw'; GnuPG Users
Subject: Re: implications of subkeys?

Steve Butler wrote/napisał[a]/schrieb:

> The more comments I read, the closer I come to believing the best bet is a
> key set for work and a totally separate key set for home.  Or more
> precisely, a personal set and a business set.

Don't do this. I did this once and still regret (my experiences with 'l=
v3 key' are a dim echo of this past). It complicates your web of trust
position, you have two sets of user-ids to gather signatures, you never know
if your correspondent has the right key on and generally the hassle is
significant. And significantly bigger than for single key.


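Added example, not part of the thread or of GnuPG itself: a small audit of `gpg --list-keys --with-colons` output against the layout summarised in the message above (signing-only primary key, exactly one usable encryption subkey, older subkeys revoked). It assumes epoch timestamps in the colon listing; the 365-day rotation threshold, the function name and the sample listings are constructed for illustration.

```python
# Added example: audit a `gpg --list-keys --with-colons` listing (fields per
# GnuPG's doc/DETAILS) against the key layout summarised in the message above.
DAY = 86400

def audit_key_layout(listing, now, max_age_days=365):
    """Return findings for the first key in the listing; [] means it conforms.

    max_age_days is an assumed rotation policy, not a value from the thread.
    """
    findings, live_enc, seen_primary = [], [], False
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 12 or f[0] not in ("pub", "sub"):
            continue
        validity, keyid, created, expires, caps = f[1], f[4], f[5], f[6], f[11]
        if f[0] == "pub":
            if seen_primary:
                break  # audit one key at a time
            seen_primary = True
            # Lower-case letters are the primary key's own capabilities;
            # upper-case ones summarise the whole key including subkeys.
            if "e" in caps:
                findings.append(f"primary {keyid} can encrypt; expected signing only")
            continue
        if "e" not in caps:
            continue
        expired = validity == "e" or (expires != "" and int(expires) <= now)
        if validity == "r" or expired:
            continue  # revoked or expired subkeys are the rotated-out ones
        live_enc.append((keyid, int(created)))
    if len(live_enc) != 1:
        findings.append(f"{len(live_enc)} usable encryption subkeys; expected exactly 1")
    for keyid, created in live_enc:
        if now - created > max_age_days * DAY:
            findings.append(f"subkey {keyid} is older than {max_age_days} days; rotate and revoke")
    return findings

# Constructed sample listings (not real keys).
NOW = 1014940800  # 2002-03-01 UTC
GOOD = """pub:u:1024:17:AAAAAAAAAAAAAAA1:1009843200:::u:::scESC:
uid:u::::1009843200::::Constructed User <user@example.org>:
sub:r:2048:16:BBBBBBBBBBBBBBB2:978307200::::::e:
sub:u:2048:16:CCCCCCCCCCCCCCC3:1009843200::::::e:"""
BAD = """pub:u:2048:1:DDDDDDDDDDDDDDD4:946684800:::u:::escESC:
sub:u:2048:16:EEEEEEEEEEEEEEE5:946684800::::::e:
sub:u:2048:16:FFFFFFFFFFFFFFF6:1009843200::::::e:"""

if __name__ == "__main__":
    for name, listing in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_key_layout(listing, NOW) or "conforms")
```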