one key or multiple keys

Joseph Bruni jbruni@mac.com
Sun Jun 22 22:12:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Another reason would include physical key security. If you have one key
and choose to use the same for home and work, you'd need to revoke your
one key in case your computer at work was ever compromised (and vice
versa).

Another might be privacy. You may not want both your home and work
email addresses on one key if you have some reason for people not to
know where you work. If you change employers, you would need to revoke
that user-ID and set up another. Eventually, your key would start to
look like your resumé. :)

On Sunday, June 22, 2003, at 10:34 AM, Neil Williams wrote:

> On Sunday 22 Jun 2003 2:34 pm, Marcin Gil wrote:
>> This question came up recently:
>>
>> Should I use only ONE key for every email address I have
>> (with multiple IDs, eg. Marcin Gil <email #1>, Marcin Gil <email #2>)
>> or should I use multiple keys -- one for every email address?
>
> It's mostly about maintenance. One key is easier to maintain than 4.
>
> If you are going to collect signatures from others as part of a Web Of Trust,
> it'll be a bit easier if it's all on one key. With separate keys you could
> end up generating lots of signatures on each key just by yourself - signing
> each key with at least one of the alternatives. Keeping separate keys seems
> quite a hassle. (Others can sign all verified UID's at the same time with one
> key).
>
> Having separate encryption keys means that you have to have a way of telling
> which key has encrypted the file - each with a different password.
>
> The only real reasons I can see to have multiple keys are:
> 1. accidental (as with me): Generated a second key for a second machine
> instead of reading up on GnuPG and learning how to export and import secret
> keys.
> 2. Different algorithms or key sizes etc. If you know about the various
> algorithms and have preferences for one over another for email signatures
> versus encryption, then you can keep one key for email sigs and one for all
> your encryption.
>
>>
>> Regards,
>
> --
>
> Neil Williams
> =============
> http://www.codehelp.co.uk
> http://www.dclug.org.uk
>
> http://www.wewantbroadband.co.uk/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (Darwin)

iEYEARECAAYFAj72DdQACgkQ4rg/mXNDweNIAQCfWlRfuRmWpzR8a6pi+gQRYmEW
G5QAn0FBj/tVGfGwmBKylsMnQlMZQAaz
=y/Ij
-----END PGP SIGNATURE-----