some beginner questions
Doug Barton
dougb at dougbarton.email
Sun Apr 2 20:20:16 CEST 2017
Some answers below, and you've already received some good answers, but I
have some more fundamental questions. :)
First, and an important question for security-related stuff generally,
what is your threat model? In other words, what dangers are you guarding
against by using PGP? You mention evangelizing your key, and asking how
to get more people to use PGP with you. Those are reasonable questions,
but the first is the most important.
If you simply want a secure way to communicate with people that you know
without others being able to snoop on the conversation, there are other,
arguably better, and certainly easier, solutions. PGP has its use cases,
but unless we know why you want to use it, it's nearly impossible to
give you good advice.
More below.
On 04/01/2017 07:10 AM, Will Senn wrote:
> 3. I've read
> https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems
> and other such pieces proclaiming the value of having the master key in
> a safe place and having subkeys on your actual devices.
What do you think a master key is, and why do you think it's important
to protect it? What kind of devices do you want to put signing subkeys
on? Why do you think that your use of PGP will be more secure if you
have a signing subkey on a device, instead of your "main key?"
> 4. Is it safe to refer to my public key/fingerprint information as I did
> in the previous question with output from gpg?
In what way(s) do you think it could be unsafe?
Doug
More information about the Gnupg-users
mailing list