Mainkey with many subkeys??
2014-667rhzu3dc-lists-groups at riseup.net
Fri Dec 12 01:27:44 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
On Thursday 11 December 2014 at 2:15:26 PM, in
<mid:5489A6FE.60001 at web.de>, Tomo Ruby wrote:

> To be honest I didn't think and search about that too
> much, but that was not the point anyways...

I'm confused. You seemed to be making quite a point of it. (-:

> How do you judge whether to replace the key or not? Of
> course there are obvious opportunities when to replace
> keys but if nothing special (like the system being
> compromised) happens,

Or there are new ideas/standards/technology/exploits such that a
particular key size or algorithm is no longer considered safe, or
something is available with a smaller signature size, for example.
Examples include the introduction of subkeys, larger key sizes (2048
instead of 1024), DSA or DSA2 vs RSA, ...

> I really know only of this
> approach: The more encrypted/signed data I spread over
> the web, the easier it might be for an attacker to
> calculate the secret key. And because of that I'd
> replace on a regular basis. Please correct me here if
> I'm wrong!!

There are others on this list better placed to answer this. As far as
I know, the only thing actually encrypted to your secret key is the
session key for each message.

> See above, besides Enigmail for example uses default
> values with expiration dates...

I did not know that. I guess the Enigmail developers must know what
they are doing _and_why_.

> I'm not sure if I understand you right here but if you
> ask why I would use a subkey to sign, the answer is:
> Because I want to use an offline mainkey and subkeys
> for the daily work...

You were asking why most keys seem to have far fewer subkeys (in use
or expired/revoked) than the advice you were following would lead you
to expect. I was saying that one reason is because a large proportion
of keys do not have a signing subkey. (-;

My old key was a v3 key that didn't support subkeys, and that lasted
me about 11 years. My new key has signing subkeys of both RSA and

I understand the idea of offline main keys, but don't see how the use
case fits my threat model.
MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net
Always borrow money from a pessimist - they don't expect it back
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users