Rationale/reasons for splitting Sign and Authenticate into two separate subkeys in a work-environment?

Christian Chavez x10an14 at gmail.com
Tue Dec 22 13:31:42 CET 2020


Hi!

I'm currently helping my workplace test out Yubikeys - to see how/if they
could help us with our software development. One expected benefit is to
allow developers to cryptographically sign Git commits/tags (e.g.).

My question is based on this awesome answer by Thomas Pornin:
https://security.stackexchange.com/a/43591;
*In a work-environment, what benefits does one gain by having separate
Authentication/Signing (sub)keys?*

I understand and agree with the rationale of keeping a separate Encryption
key (so that this could be shared with your employer), but that rationale
does not extend to Signing/Authenticating (presuming a trustworthy
workplace which doesn't need to fake authentication/signing of employees).
-- 
Med vennlig hilsen/Kind regards,
Christian Chavez
Phone/Tlf: +47 922 22 603
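As an added example (not code from the original post, nor from the GnuPG project), the following POSIX shell script builds the key layout the question is about in a throwaway keyring: a certify-only primary key with separate Sign (S) and Authenticate (A) subkeys. It then shows the practical difference between the two subkeys: an OpenPGP detached signature (the same thing `git commit -S` asks gpg for) can only be produced by the S subkey and verification names that subkey, gpg refuses to sign when pinned to the A subkey with the `!` suffix, and the A subkey is the one gpg hands to SSH via `--export-ssh-key`. Assumptions: GnuPG 2.1 or later with `gpgconf` on PATH; the user ID string is made up; keys are generated without a passphrase because they are scratch keys.

```shell
#!/bin/sh
# Added example (not from the original post or GnuPG): cert-only primary key
# plus separate S and A subkeys, and what each consumer can do with them.
# Runs in a scratch GNUPGHOME; the identity below is made up.
set -eu

UID_NAME="Example Developer <dev@example.com>"   # hypothetical identity

# Scratch keyring; allow loopback pinentry so no terminal prompt is needed.
setup_home() {
    GNUPGHOME=$(mktemp -d)
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    printf 'allow-loopback-pinentry\n' > "$GNUPGHOME/gpg-agent.conf"
}

# Certify-only primary, then one sign-only and one auth-only ed25519 subkey.
# Empty passphrase: throwaway key only. Prints the primary fingerprint.
make_split_key() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$UID_NAME" ed25519 cert never
    fpr=$(gpg --batch --with-colons --list-keys "$UID_NAME" \
          | awk -F: '$1=="fpr"{print $10; exit}')
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-add-key "$fpr" ed25519 sign never
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-add-key "$fpr" ed25519 auth never
    echo "$fpr"
}

# Long key ID of the subkey whose capability field (12th colon field of the
# "sub" record) is exactly $1: "s" for the Sign subkey, "a" for Authenticate.
subkey_id() {
    gpg --batch --with-colons --list-keys "$UID_NAME" \
        | awk -F: -v cap="$1" '$1=="sub" && $12==cap {print $5; exit}'
}

# Detached-sign $2 with one specific subkey ($1; the '!' suffix pins gpg to
# that subkey instead of letting it pick), verify, and print the key ID that
# the GOODSIG status line reports. For a split key this is the S subkey.
sign_and_verify() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        -u "$1!" --detach-sign --output "$2.sig" "$2"
    gpg --batch --status-fd 1 --verify "$2.sig" "$2" 2>/dev/null \
        | awk '$2=="GOODSIG"{print $3}'
}

# Pinning gpg to the A subkey must fail: it carries no S usage flag, so it
# cannot be used to forge a commit signature even if it were exposed.
# Returns 0 when gpg refused, 1 if it (wrongly) produced a signature.
auth_key_cannot_sign() {
    if gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
           -u "$1!" --detach-sign --output "$2.auth.sig" "$2" 2>/dev/null; then
        return 1
    fi
    return 0
}

# The A subkey is what SSH consumes: gpg renders it as an OpenSSH public key
# line ("ssh-ed25519 AAAA... openpgp:0x..."); print just the key type.
auth_as_ssh_key() {
    gpg --batch --export-ssh-key "$UID_NAME" | awk '{print $1}'
}

demo() {
    setup_home
    fpr=$(make_split_key)
    sign_id=$(subkey_id s)
    auth_id=$(subkey_id a)
    printf 'commit payload (constructed)\n' > "$GNUPGHOME/msg"
    signer=$(sign_and_verify "$sign_id" "$GNUPGHOME/msg")
    auth_key_cannot_sign "$auth_id" "$GNUPGHOME/msg"
    ssh_type=$(auth_as_ssh_key)
    echo "primary=$fpr sign=$sign_id auth=$auth_id signed_by=$signer ssh=$ssh_type"
    gpgconf --kill gpg-agent
}

# Run the demo only when invoked as: sh split_subkeys.sh run
case "${1:-}" in run) demo ;; esac
```

Run it with `sh split_subkeys.sh run`; the last line prints the primary fingerprint, the two subkey IDs, the ID that actually signed (the S subkey) and `ssh-ed25519` for the auth subkey. To wire the same layout into daily use, Git is pointed at the S subkey with `git config user.signingkey '<sign_id>!'` (Git passes this straight to gpg's `-u`, so the `!` suffix keeps it from falling back to another subkey), and SSH gets the A subkey by adding `enable-ssh-support` to `gpg-agent.conf` and using `gpg --export-ssh-key` for the server-side `authorized_keys` entry. On a YubiKey the same three roles map onto the card's signature, encryption and authentication slots, which is the mechanical reason the OpenPGP card applet expects them as separate keys.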