Mainkey with many subkeys??

[Tomo Ruby]

> I'm confused. You seemed to be making quite a point of it. (-:

I'm confused too, that makes two ;) I didn't think about specific expiration times of subkeys. I tried to figure out why everybody has no revoked subkeys at all...

> There are others on this list better placed to answer this. As far as
> I know, the only thing actually encrypted to your secret key is the
> session key for each message.

Peter Lebbing wrote:
> For all practical purposes, this is impossible. You don't get an improved chance
> of computing the secret key with more ciphertexts and/or signatures; not in any
> meaningful way.

Ok, so this might be the point I'm missing here. Thinking about encrypting data that seems obvious because (as you wrote too) everyone can produce encrypted data with the public key... But what does "meaningful way" mean?

Are there really no reasons to replace keys on a regular basis? Of course besides from
> new ideas/standards/technology/exploits such that a
> particular key size or algorithm is no longer considered safe, or
> something is available with a smaller signature size
or other rather irregular reasons?

> I was saying that one reason is because a large proportion
> of keys do not have a signing subkey. (-;

Ok, got that now, tricky answer! :)

> I understand the idea of offline main keys, but don't see how the use
> case fits my threat model.

Well in this point I'm possibly a little paranoid but I don't fully trust any system with internet connection. But if I think about that again: If I replace keys mostly because technology changes I'll have to replace the main key too anyways...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20141213/c04f7b63/attachment.sig>