Multiple uid's vs. multiple primary keys & "master signing keys"

Faramir at
Tue Jun 24 05:30:28 CEST 2008

Hash: SHA1

David Koppenhofer escribió:
> 1) Multiple uid's (emails) per primary key versus multiple primary keys
> I have 3 email addresses I currently use: one personal, one for foss
> development, and one for work.  I could create 3 uid's associated with
> the same primary key (option A), or 3 separate primary keys with 1 uid
> each (option B).

  *I* would use option B, one key for each uid. The reason is because if
somebody takes a look at a public key with several uid's, that somebody
would know all these uid's are closely related, and also would know the
email address for each uid.

  I heard, a couple of weeks ago, about somebody who lost all her email
accounts because her primary email address was hacked. The hacker knew
the other email addresses, used the option "I forgot my password, send
it to my secondary email", and all the other email accounts sent their
passwords to the email that was compromised... allowing the hacker to
take control of all these accounts, changing the security questions and
secondary emails, so the true owner can't recover the accounts.

  Since then, I'd like to keep my email accounts isolated from each
other... I still have to figure out a way to set the secondary addresses
to still be able to ask my password in case I forget it, but without
risking all my accounts if somebody takes control over one of them.

  But all this is just my opinion about the subject, your opinion
doesn't need to be the same...

Best Regards
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla -


More information about the Gnupg-users mailing list