Multiple email addresses - any alternative to ask everyone to sign all my keys?

Mark H. Wood mwood at IUPUI.Edu
Wed Jul 24 14:51:53 CEST 2013


On Wed, Jul 24, 2013 at 12:04:40AM +0200, Philipp Klaus Krause wrote:
> Am 23.07.2013 23:22, schrieb Max Parmer:
> 
> > 
> > Sounds like you might want an offline master key with a couple UIDs and
> > several subkeys.
> > 
> 
> But can I have multiple encryption subkeys, with encryption subkeys
> associated with UIDs? I one subkey per UID only works for signing.
> 
> > Also if I didn't trust a system enough to use any secret key on it I
> > probably also would not want to expose decrypted messages to that
> > system, presuming the messages you receive have sensitive/important
> > information in them.
> > 
> > Something to consider if you really have cause to not trust that
> > computer might be setting up a dedicated, air-gapped system for
> > encryption/decryption.
> 
> I do not trust the computer at university with the secret key used to
> decrypt my private mail. I did set up that computer myself, but we have
> burglars breaking into the offices every few years, many people have
> keys to the office, etc.
> 
> Still, I want  to be able to read any encrypted mail sent to my
> unversity addresses on the computer at university. And I want to use
> encryption, since the mails might contain sensitive information, such as
> exams, grades, etc (and the mail servers are maintained by students).

It's called compartmental design.  No one compromise destroys all your
security.

-- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Machines should not be friendly.  Machines should be obedient.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: </pipermail/attachments/20130724/7bcb1f90/attachment.sig>


More information about the Gnupg-users mailing list