implications of subkeys?

David Shaw
Fri Mar 1 20:43:02 2002

On Fri, Mar 01, 2002 at 09:05:57AM -0800, Steve Butler wrote:
> Hmm.  This whole thread started because of somebody's desire to secure their
> home communication versus their work site communication.  It really has been
> a learning experience.  Your and David's helpful comments throughout this
> process have shed a lot of light.  So, if I have read everything correctly,
> it sounds like the general consensus is:
> *  Have one signing only key pair -- the master set (most likely DSA of
> appropriate strength for long term usage).

Yes.  The algorithm is up to you and what you trust more.  GnuPG 1.0.7
gives you the choice between DSA and RSA.  They each have advantages
and disadvantages.

> *  Have one encryption sub-key (until most keyservers understand and
> correctly handle multiple sub-keys) that is changed every so often.

Problem here.  If your key is already on the bad keyservers, adding a
new subkey will trigger the bug.  Even if you remove the old subkey
first, it doesn't leave the keyservers.

> *  Expose only the session-level key if possible when given a court order
> (with appropriate legal counsel).
> *  If must expose the encryption sub-key, then generate a new pair for
> future use (and change it more often) and revoke the prior sub-key pair,



   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson