Recommendations for handling (multiple) user IDs - personal and company ones
dougb at dougbarton.us
Fri Jun 7 22:22:04 CEST 2013
-----BEGIN PGP SIGNED MESSAGE-----
I'm not sure where you're getting this "15 years" number.
In any case, the conventional wisdom is that for completely distinct
roles (such as personal vs. work) that separate keys is the way to go.
That way when you no longer have the work role the whole key can be
retired, and there is no question down the road about
old/expired/revoked subkeys. Personally I have used this strategy and it
has worked well for me. Also, some companies have key escrow practices
that make using a separate key the only viable option.
OTOH, others on this list, and many keys that I have signed over the
years, have combined various roles (i.e., personal and work e-mail
addresses) on the same key, so that practice is not uncommon.
hope this helps,
On 06/07/2013 01:09 PM, Branko Majic wrote:
| Hello again,
| With my OpenPGP smart-card set-up almost done (master key on one card,
| everyday sub-keys on second), I'm thinking a bit about how I should
| handle my user ID, since the master key will be valid for 15 years.
| What are the general recommendations on what to use the user ID for
| (i.e. which e-mail addresses)?
| In addition to adding my home/personal e-mail information, I was
| thinking of maybe adding my (current) company's e-mail as well (and
| starting to actually sign my outgoing work mails with the same card).
| The catch is that I might not stay in the company for full 15 years.
| I've read-up a bit on how the user IDs are handled, and seen that
| keyservers will merge user IDs instead of replacing them.
| So, is it common that people reuse the keys in this way (for both
| personal and work communications)? Any bad experiences or
| recommendations someone could share on this topic?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Gnupg-users