one key or multiple keys

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Mon Jun 23 09:05:02 2003


On Sunday 22 June 2003 22:13, Joseph Bruni wrote:
> Another reason would include physical key security. If you have one key
> and choose to use the same for home and work, you'd need to revoke your
> one key in case your computer at work was ever compromised (and vice
> versa).

This is the time where I speak up and mention http://fortytwo.ch/gpg/subkeys
again. Have your primary key on some secure (offline) storage, and use only
subkeys on the various systems.  A compromised key will not matter much - you
just revoke that subkey, but as the primary is not compromised, you don't
lose the key (and especially you don't lose your collected signatures on the
key).

There are problems with this, that's why I wrote that web page. Also, there is
one particular PGP8 bug I've not mentioned yet on the page, search the
archives, it was discussed.

> Another might be privacy. You may not want both your home and work
> email addresses on one key if you have some reason for people not to
> know where you work. If you change employers, you would need to revoke
> that user-ID and set up another. Eventually, your key would start to
> look like your resumé. :)

I guess you could even generalize this: if you use these email addresses more
or less just as aliases, use one key. If these email addresses are role
addresses, use multiple keys. Work vs. private is one thing, but also your
personal company email vs. your webmaster@company address is one case where
I'd advise to use separate keys.

greetings
-- vbi

-- 
Available for key signing in Zürich and Basel, Switzerland
                     (what's this? Look at http://fortytwo.ch/gpg/intro)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iKcEABECAGcFAj72pw5gGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjQmbWQ1c3VtPTgxNjMwYmFhYmU5YTA2NzBi
YjE5YzFmYTg1MjdhN2FiAAoJEIukMYvlp/fWPTcAoJk+Z0yYlkyNpmyj3jlTV7EZ
n/VnAKCgZ0ldpnhqvemNIK2pBmfLOSJVrA==
=9czR
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.4&md5sum=81630baabe9a0670bb19c1fa8527a7ab
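The primary-offline, subkeys-everywhere layout the message recommends, as an added shell example (not code from the original post or from the fortytwo.ch page). It assumes GnuPG 2.1 or newer, since it uses `--quick-gen-key` and `--quick-add-key`; the user ID, file names and scratch directories are constructed for the demo. It creates a certify-only primary key in an "offline" keyring, exports only the secret subkeys to a "laptop" keyring, revokes the signing subkey from the offline copy as if it had been compromised, and then checks on the laptop that the subkey is revoked while the primary key itself is still valid.

```shell
#!/bin/sh
# Added example (not code from the original post): with GnuPG 2.1 or newer,
# build the key layout the message recommends. A certify-only primary key is
# created in an "offline" keyring; a signing and an encryption subkey are
# exported to a "laptop" keyring that never holds the primary; the signing
# subkey is then revoked from the offline keyring, and the laptop picks up the
# revocation while the primary key itself stays valid. The user ID, file names
# and scratch directories below are constructed for this demo.
set -eu

# gpg 2.1+ is needed for --quick-gen-key / --quick-add-key.
gpg_available() {
    command -v gpg >/dev/null 2>&1 || return 1
    gpg --version | awk 'NR == 1 { split($3, v, "."); exit !(v[1]+0 > 2 || (v[1]+0 == 2 && v[2]+0 >= 1)) }'
}

# gpg without any pinentry; demo keys get an empty passphrase.
g() {
    gpg --batch --pinentry-mode loopback --passphrase '' "$@"
}

demo_subkey_layout() {
    work=$(mktemp -d)
    offline="$work/offline"    # stands in for the offline medium holding the primary
    laptop="$work/laptop"      # stands in for a machine that only ever sees subkeys
    mkdir -m 700 "$offline" "$laptop"
    trap 'gpgconf --homedir "$offline" --kill gpg-agent 2>/dev/null || true;
          gpgconf --homedir "$laptop" --kill gpg-agent 2>/dev/null || true;
          rm -rf "$work"' EXIT

    # 1. Certify-only primary key plus a signing and an encryption subkey.
    g --homedir "$offline" --quick-gen-key 'Demo User <demo@example.invalid>' ed25519 cert never
    fpr=$(gpg --homedir "$offline" --with-colons --list-keys \
          | awk -F: '$1 == "fpr" { print $10; exit }')
    g --homedir "$offline" --quick-add-key "$fpr" ed25519 sign never
    g --homedir "$offline" --quick-add-key "$fpr" cv25519 encr never

    # 2. The laptop gets the secret subkeys only; its copy of the primary is a
    #    stub, which --with-colons marks with "#" in field 15 of the sec record.
    g --homedir "$offline" --export-secret-subkeys "$fpr" > "$work/subkeys.gpg"
    g --homedir "$laptop" --import "$work/subkeys.gpg"
    stub=$(gpg --homedir "$laptop" --with-colons --list-secret-keys \
           | awk -F: '$1 == "sec" { print $15; exit }')
    [ "$stub" = "#" ] || { echo "primary secret key should be a stub on the laptop, got '$stub'" >&2; return 1; }

    # 3. Treat the signing subkey (subkey 1) as compromised: revoke it where the
    #    primary lives. The lines answer --edit-key's prompts in order: select
    #    subkey 1, revkey, confirm, reason 1 (key compromised), empty
    #    description, confirm, save.
    printf 'key 1\nrevkey\ny\n1\n\ny\nsave\n' \
        | g --homedir "$offline" --command-fd 0 --status-fd 2 --edit-key "$fpr"

    # 4. Republish the public key. On the laptop the subkey's validity is now
    #    "r" (revoked) while the primary key, with its user ID and whatever
    #    certifications others have put on it, is not.
    g --homedir "$offline" --export "$fpr" | g --homedir "$laptop" --import
    summary=$(gpg --homedir "$laptop" --with-colons --list-options show-unusable-subkeys \
                  --list-keys "$fpr" \
              | awk -F: '$1 == "pub" { p = $2 } $1 == "sub" && !n++ { s = $2 } END { print p "/" s }')
    case "$summary" in
        r/*) echo "primary key unexpectedly revoked: $summary" >&2; return 1 ;;
        */r) echo "ok: primary valid, signing subkey revoked ($summary)" ;;
        *)   echo "signing subkey not revoked: $summary" >&2; return 1 ;;
    esac
}

# Run the whole walk-through with: sh this_script.sh run
if [ "${1:-}" = run ]; then
    demo_subkey_layout
fi
```

Everything in the script runs against throwaway homedirs under a temporary directory that is removed on exit, so it never touches your real keyring. The part that matters for the message's argument is step 3: the revocation is issued with the primary key, in the offline keyring, and the laptop only ever imports the result. Because the revocation is a self-signature on the subkey, not on the primary, third-party certifications on the primary key and its user IDs survive it unchanged.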
