newbie question about identities

John Clizbe JPClizbe@comcast.net
Fri Oct 3 12:10:02 CEST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Atom 'Smasher' wrote:
> i'm only a few years behind with gpg/pgp, but trying to get up to
> speed....
>
> i like the idea of identities, but i'm not sure if i'm either missing
> something, or if that part of the system (or documentation) is flawed....
>
> let's say i have 2 identities....
>         employee@big-corp
>          radical@big-corp-sucks
>
> obviously, each of these identities should be kept *FAR* apart.

Yup

> i see 2 problems with this:
> 1) the key-id is the same for both roles
> 2) when exporting the public key, both identities are part of it
>
> both of these factors make it too easy for one's "other" identity to be
> revealed... this could be bad (very bad, since keys are like viruses,
> and can't be removed from circulation).
>
> so the question is, am i missing something? or is this a fact of life if a
> single key-pair is used for multiple IDs? if one wants to use multiple
> IDs (and keep each ID isolated from all other IDs), is it necessary that
> each ID has its own key-pair?

No, you got it right.

Even if you kept two distinct keyrings: one with the employee ID keypair
and the other with the radical ID keypair, assume the worst-case and
conclude that the key material (c|w)ould eventually end up being posted to
keyservers and be re-united into one key.

Two roles && two VERY distinct identities ==> two keys. It would also be a
very good idea not to sign each key with the other; that could also
eventually lead back to both identities. Self-sign each key and leave it
at that.

If you use gpg/pgp at both home and work, it would be prudent to not have
your radical key on your work machine along with your employee key, at
least, not both secret keys (think: plausible deniability).

There is nothing good or bad about having multiple keypairs. It just boils
down to key management issues.

Standard Disclaimer: IANAL. TINLA. IANAD. TINMA. UAYOR. YMMV. Do not try
this at home. Professional Driver on Closed Course.
- --
John P. Clizbe                   Inet:   JPClizbe(a)comcast DOT nyet
Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
  "Most men take the straight and narrow. A few take the road less
traveled.  I chose to cut through the woods."
  "The purpose of life is to achieve balance, in a continual cycle of
gaining and retaining harmony. Walk in Beauty." - Navajo Proverb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows 2000)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/fT09HQSsSmCNKhARAh8eAJ9fGaJUsZIy13m752k0Aqf0pQXQUQCgoomr
OtMQWL+ntMKYPRVbZrJJ9Lo=
=7HVP
-----END PGP SIGNATURE-----
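
An added example, not part of the original message: a check of one's own keyring for the two linkages discussed above, a single key carrying more than one user ID and one local key certifying another. It assumes the record layout of GnuPG's `--with-colons` listing (record type in field 1, key ID in field 5, user ID in field 10); the function name `audit`, the key IDs and the sample listing are constructed for illustration.

```python
# Constructed sample in the style of `gpg --list-sigs --with-colons`.
# Key ...A1 carries both user IDs; key ...B2 has certified key ...C3.
SAMPLE = """\
pub:u:2048:1:AAAAAAAAAAAAAAA1:1065000000:::u:::scESC:
uid:u::::1065000000::H1::employee@big-corp:
sig:::1:AAAAAAAAAAAAAAA1:1065000000::::employee@big-corp:13x:
uid:u::::1065000000::H2::radical@big-corp-sucks:
sig:::1:AAAAAAAAAAAAAAA1:1065000000::::radical@big-corp-sucks:13x:
pub:u:2048:1:BBBBBBBBBBBBBBB2:1065000000:::u:::scESC:
uid:u::::1065000000::H3::employee@big-corp:
sig:::1:BBBBBBBBBBBBBBB2:1065000000::::employee@big-corp:13x:
pub:u:2048:1:CCCCCCCCCCCCCCC3:1065000000:::u:::scESC:
uid:u::::1065000000::H4::radical@big-corp-sucks:
sig:::1:CCCCCCCCCCCCCCC3:1065000000::::radical@big-corp-sucks:13x:
sig:::1:BBBBBBBBBBBBBBB2:1065000000::::employee@big-corp:10x:
"""


def audit(colon_listing):
    """Return (multi_uid, cross_signed) for a colon-format key listing.

    multi_uid:    {key_id: [user IDs]} for keys with more than one user ID;
                  exporting such a key publishes every user ID together.
    cross_signed: sorted (signer_key_id, signed_key_id) pairs where one key
                  in the listing certifies a different key in the listing.
    """
    uids, signers, current = {}, {}, None
    for line in colon_listing.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue  # blank or unrelated line
        if f[0] == "pub":
            current = f[4]
            uids[current], signers[current] = [], set()
        elif current and f[0] == "uid":
            uids[current].append(f[9])
        elif current and f[0] == "sig" and f[4] != current:
            signers[current].add(f[4])  # not a self-signature
    multi_uid = {k: v for k, v in uids.items() if len(v) > 1}
    cross_signed = sorted((s, k) for k, ss in signers.items()
                          for s in ss if s in uids)
    return multi_uid, cross_signed


if __name__ == "__main__":
    multi, cross = audit(SAMPLE)
    print("keys exposing several identities:", multi)
    print("keys linked by a certification:", cross)
```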




