controlling the use of subkeys

Mike Frysinger vapier at
Sun Dec 24 02:37:03 CET 2006

On Saturday 23 December 2006 20:11, Robert J. Hansen wrote:
> Mike Frysinger wrote:
> > and what would you suggest ?  create brand new key sets when the
> > previous one expires ?  i thought one of the points of subkeys is to
> > minimize this sort of management
> The best way to minimize management is to reduce the amount of stuff
> that needs to be managed.
> There almost certainly exist specialized applications where key expiry
> makes a lot of sense.  But in general, I think most people who set their
> keys to expire do so without really thinking about what clear benefits
> it gives them, or what specific problem of theirs it will solve.
> If you can point to a specific requirement or need of the Gentoo
> community which key expiry will help address, then by all means, go for
> it.  Otherwise, simplify your management by removing expiries.

ok, but i think this is a different aspect than what we're talking about 
here ... sep keys means different uid's whereas a subkey is bound to the same 
uid ... people sign my uid and i have signing subkeys versus people sign my 
uid, i create a new key/uid and sign that with my own key

subkeys can have expiration limits placed on them as well, so i dont see how 
your thoughts here are specific to saying "subkeys are the wrong way of doing 
things" ... what'd i miss ?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20061223/0a8a7a2a/attachment.pgp 

More information about the Gnupg-users mailing list