[Q] Multiple signing keys (was: DSA 1024-bit limit)
David Shaw
dshaw@jabberwocky.com
Thu May 15 03:33:03 2003
--WfZ7S8PLGjBY9Voh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, May 13, 2003 at 10:42:32PM -0400, Dennis Lambe Jr. wrote:
> It was based on this information that I made the decision to create my
> key as follows:
>=20
> pub 4096R/F53BA904 2003-04-21 Dennis Patrick Lambe Jr.
> [...snipped other IDs...]
> sub 1024D/16DE8D28 2003-04-21
> sub 4096g/BCE387ED 2003-04-21
>=20
> I believe David Shaw has a similar rationale for his key, which has the
> same structure. Is that right, David?
That is correct. I use a large RSA key as the primary, with an
encryption subkey, and a DSA signing subkey for day to day use. The
RSA primary is stored offline, so in a disaster scenario, I can just
revoke the subkeys and not lose the entire key.
David
--WfZ7S8PLGjBY9Voh
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc
iD8DBQE+wu5e4mZch0nhy8kRAsQ1AKDjlUYCrXfkBAbi2E833uZFGp/mJACgzP1d
QBaDv4HZ1eDcMqBFLcmg2hs=
=JFuK
-----END PGP SIGNATURE-----
--WfZ7S8PLGjBY9Voh--