more bikeshedding about offline primary keys & auth subkeys

Jérôme Pinguet jerome at jerome.cc
Wed Jun 25 19:53:26 CEST 2014


Hello!

Thanks to Werner, I learned a new English word today: bikeshedding! :-)

This guide
http://spin.atomicobject.com/2013/11/24/secure-gpg-keys-guide/ suggests
creating a subkey with authentication capability. Most other sources
stress the fact that the primary key and the offline computer must be
used to authenticate other people's public keys.

I'm at a loss.

Can I use an RSA subkey with authentication capability (and
cross-certified) to authenticate other people's public keys? Will it be
recognized by sks key servers and used in the web of trust?
Or do I have to use the primary key?

Hauke posted comments with criticism of a few points, but not about
this issue.

In other developments, I'm impressed by the reactivity of the Arch Linux
community! The security fix 1.4.17 hasn't been released for Debian
Stable at the time of writing. The patch has only been applied to Sid.

Thanks.

Jérôme

