'sign (and cert)' or just 'cert' on a master key with subkeus
Mario Figueiredo
marfig at gmx.com
Mon Jul 31 16:44:52 CEST 2017
On Sun, 30 Jul 2017 22:19:22 +0200
Dirk-Willem van Gulik <dirkx at webweaving.org> wrote:
> I see a growing number of keys that have well managed & expired
> separate subkeys for Signing, Encryption and Authentication switch
> from ‘SC’ on the master key to just ‘C’ (all RSA, ignoring DSA).
>
> Would anyone know if there is some documented best practice ?
Could probably be a direct application of this Debian article (1) on
subkeys. And meant to to facilitate the recovery of the web of trust in
case of disaster.
On a separate tutorial (2), Alan Eliasen strongly advises against this
practice.
(1) https://wiki.debian.org/Subkeys?action=show&redirect=subkeys
(2) https://futureboy.us/pgp.html#PerfectKeypair
MF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170731/a1ce4838/attachment.sig>
More information about the Gnupg-users
mailing list