Mainkey with many subkeys??

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Fri Dec 12 01:27:44 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512



On Thursday 11 December 2014 at 2:15:26 PM, in
<mid:5489A6FE.60001 at web.de>, Tomo Ruby wrote:



> To be honest I didn't think and search about that too
> much, but that was not the point anyways...

I'm confused. You seemed to be making quite a point of it. (-:



> How do you judge whether to replace the key or not? Of
> course there are obvious opportunities when to replace
> keys but if nothing special (like the system being
> compromised) happens,

Or there are new ideas/standards/technology/exploits such that a
particular key size or algorithm is no longer considered safe, or
something is available with a smaller signature size, for example.

Examples include the introduction of subkeys, larger key sizes (2048
instead of 1024), DSA or DSA2 vs RSA, ...



> I really know only of this
> approach: The more encrypted/signed data I spread over
> the web, the easier it might be for an attacker to
> calculate the secret key. And because of that I'd
> replace on a regular basis. Please correct me here if
> I'm wrong!!

There are others on this list better placed to answer this. As far as
I know, the only thing actually encrypted to your secret key is the
session key for each message.



> See above, besides Enigmail for example uses default
> values with expiration dates...

I did not know that. I guess the Enigmail developers must know what
they are doing _and_why_.



> I'm not sure if I understand you right here but if you
> ask why I would use a subkey to sign, the answer is:
> Because I want to use an offline mainkey and subkeys
> for the daily work...

You were asking why most keys seem to have far fewer subkeys (in use
or expired/revoked) than the advice you were following would lead you
to expect. I was saying that one reason is because a large proportion
of keys do not have a signing subkey. (-;

My old key was a v3 key that didn't support subkeys, and that lasted
me about 11 years. My new key has signing subkeys of both RSA and
EdDSA varieties.

I understand the idea of offline main keys, but don't see how the use
case fits my threat model.


- --
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

Always borrow money from a pessimist - they don't expect it back
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----