'sign (and cert)' or just 'cert' on a master key with subkeys

Mario Figueiredo marfig at gmx.com
Mon Jul 31 16:44:52 CEST 2017


On Sun, 30 Jul 2017 22:19:22 +0200
Dirk-Willem van Gulik <dirkx at webweaving.org> wrote:

> I see a growing number of keys that have well managed & expired
> separate subkeys for Signing, Encryption and Authentication switch
> from ‘SC’ on the master key to just ‘C’ (all RSA, ignoring DSA).
> 
> Would anyone know if there is some documented best practice ?

Could probably be a direct application of this Debian article (1) on
subkeys. And meant to facilitate the recovery of the web of trust in
case of disaster.

In a separate tutorial (2), Alan Eliasen strongly advises against this
practice.


(1) https://wiki.debian.org/Subkeys?action=show&redirect=subkeys
(2) https://futureboy.us/pgp.html#PerfectKeypair

MF