multiple subkeys and key transition
Ben McGinnes
ben at adversary.org
Sat Dec 11 21:29:05 CET 2010
On 12/12/10 7:21 AM, David Shaw wrote:
> On Dec 11, 2010, at 2:55 PM, Ben McGinnes wrote:
>>
>> Cool. On a tangential note, could this be used as a basis for
>> applying a PKI/WoT model to certification of SSL keys, rather than
>> relying on CAs?
>
> Yes indeed. See http://web.monkeysphere.info/ for a project using
> the WoT for both SSH and HTTPS.
Awesome, I'm definitely going to have to take a look at this.
Grant, thanks for mentioning it too. :)
>> I assume this means that if the primary key can sign & certify, that
>> key will still be used to sign other keys even if there is a specific
>> signing subkey for messages and files. Right?
>
> Right. Since only the primary can certify, it will be automatically
> chosen whenever you try to sign another key.
Cool, I'm glad I'm on the right path.
Regards,
Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20101212/60e12a49/attachment-0001.pgp>
More information about the Gnupg-users
mailing list