Best practices for multiple e-mail addresses (was also: newbie question about identities)

[Eugene Smiley]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Joel Konkle-Parker wrote:
> I have three distinct e-mail addresses: work, home, and another
> business. What's the best practice for keeping a key for each
> address? One key with multiple addresses in it (i.e. a key for me
> as a person)? A separate key for each address (i.e. a key for each
> of work/home/business as a unit)?
>
> How do others do it?

Below is an edited/expanded version of the answer that atom gives. I
recommend that it be addded as 3.1.2 The use of Role keys and Managing
User IDs for the Handbook.

====================================

There are two distinct ways of looking a Role keys. the first way to
look at role keys is that they are keys used by an entity a) for the
public to communicate securely with personnel filling particular roles
(network administrator, keymaster, list administrator, key revoker,
etc.), and b) for these personnel to certify important digital
documents. These keys are generally signed by a root key to designate
that the entity considers the key valid.

The alternative view of roles is at the individual user level. A user
may designate roles of related functions/User IDs. Bob might designate
a Work Role with UIDs of bob at example.com and webmaster at example.com and
a Personal role of bob at earthlink.net. These two roles would be created
as two seperate keys. Bob might even consider having a class of email
addresses without keys such as bob at hotmail.com and bob at yahoo.com. Or
Bob could have one key with any or all of the five User IDs.

Adding User IDs on a key is convenient when you use multiple names or
email addresses which do not socially conflict with each other. For
example, Alice (alice at example.com) works with Bob, and is an alumni of
a university (alice at prestigeous.univ.edu) and is a member of a trade
association (alice at ieeee.com). She wants the trust and "prestige" of
each of these organizations to be shared by the others. To do the same
thing with seperate keys would require everyone to sign 3 keys instead
of 3 User IDs.

However, co-worker Charlie (charlie at example.com) might be the
webmaster at Example-sucks.com and might lose his job if someone found
out. It would be a good idea if Charlie kept these two identities
seperate and distinct. Charlie SHOULD have seperate keys/roles for
these two (Work and Activist).

Additional key pairs can be created the same way as your first key
pair, with --gen-key. When encrypting or signing, use the --local-user
option to specify an ID other than the default.

====================================


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-nr2 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/hyUy6QPtAqft/S8RAqAUAJ9YJfIjMLpkBUhPvEo/1upcVW/H8wCfazyk
C3Ny4jadypofTB9eHOuY7FE=
=mNJJ
-----END PGP SIGNATURE-----