some beginner questions

Doug Barton dougb at
Sun Apr 2 20:20:16 CEST 2017

Some answers below, and you've already received some good answers, but I 
have some more fundamental questions. :)

First, and an important question for security-related stuff generally, 
what is your threat model? In other words, what dangers are you guarding 
against by using PGP? You mention evangelizing your key, and asking how 
to get more people to use PGP with you. Those are reasonable questions, 
but the first is the most important.

If you simply want a secure way to communicate with people that you know 
without others being able to snoop on the conversation, there are other, 
arguably better, and certainly easier, solutions. PGP has its use cases, 
but unless we know why you want to use it, it's nearly impossible to 
give you good advice.

More below.

On 04/01/2017 07:10 AM, Will Senn wrote:

> 3. I've read
> and other such pieces proclaiming the value of having the master key in
> a safe place and having subkeys on your actual devices.

What do you think a master key is, and why do you think it's important 
to protect it? What kind of devices do you want to put signing subkeys 
on? Why do you think that your use of PGP will be more secure if you 
have a signing subkey on a device, instead of your "main key?"

> 4. Is it safe to refer to my public key/fingerprint information as I did
> in the previous question with output from gpg?

In what way(s) do you think it could be unsafe?


More information about the Gnupg-users mailing list