controlling the use of subkeys

Robert J. Hansen rjh at
Sun Dec 24 02:50:42 CET 2006

Hash: SHA256

Mike Frysinger wrote:
> sep keys means different uid's whereas a subkey is bound to the same
>  uid ...

This is not the case.  The only (required) binding between a subkey and
a UID comes from the fact that each UID has a self-signature.  If you
create a new subkey, there's no explicit binding between that and a UID.

> subkeys can have expiration limits placed on them as well, so i dont
> see how your thoughts here are specific to saying "subkeys are the
> wrong way of doing things" ... what'd i miss ?

I hate to sound like an arrogant son-of-a-so-and-so, but it sounds like
you're attempting to do complex things with OpenPGP without
understanding OpenPGP very well.

My suggestion: figure out exactly what you need it to do and send it on
to the list.  If you need more than one sentence to do it, you may not
understand your basic problem very well.

For instance: "End-users need assurance that the package is really part
of Gentoo."

Or, "I need some way to separate my Gentoo maintainer identity from my
personal identity."

Or... etc., etc.

Come up with a single sentence describing your problem, and you'll get a
ton of responses by people with ideas for how to solve it.  After a
while, you'll see some consensus emerge about which ideas have merit and
which are the products of overactive imaginations.  (This being the
internet, there may be a lot more of the latter than the former.)

Then choose the simplest, most clearly-explained idea which has merit.

Version: GnuPG v1.4.6 (Darwin)
Comment: Using GnuPG with Mozilla -


More information about the Gnupg-users mailing list