Resurrecting the Monkeysphere 🐒
Jacob Bachmeyer
jcb62281 at gmail.com
Sun Aug 13 04:47:28 CEST 2023
John Scott via Gnupg-users wrote:
> Reduce, reuse, and recycle: why make a fresh public key pair when you can reduce, reuse, and recycle one you've already got?

Simple: to limit the exposure of the corresponding private key and the
work required to rotate any given keypair. Closely related, if
different applications use different cryptographic keypairs (i.e.
subkeys) you also have some indication where your private key got leaked
based on which subkey was compromised. This could be very important for
tracking down an unknown exploit, since it tells you where to start looking.

OpenPGP does have a solution to this problem (subkeys) that I hope
Monkeysphere will fully support. Will there be support for importing,
say, a Tor onion service keypair onto an OpenPGP certificate as a
subkey? (Obviously, tying Tor onion services to OpenPGP certificates
blows the whole "anonymous" thing to bits, but Tor onion services have
other uses, too.) Or, perhaps more practically, importing an existing
OpenSSH keypair as an OpenPGP subkey?

-- Jacob