[H-GEN] Key-signing at Humbug: Saturday, 1st March 2003

Christopher Biggs listjunkie at pobox.com
Tue Feb 25 02:08:16 EST 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

Raymond Smith <zzrasmit at uqconnect.net> moved upon the face of the 'Net and spake thusly:

> [I]s it better to have many email
> addresses with one GPG key, or to have one primary GPG key that you get
> everyone to sign that you then use to sign other keys?

Provided you have a user agent which allows you to easily choose which
key is used for outgoing messages, then "multiple special-use keys and
one long-lived signing key with which you participate in the
trust-web" is probably better than "one key with a bazillion user
IDs", as DELETING an ID from a key is a tricky situation (old copies
of your key with the old ID still present will be floating around all
over the 'net).  The multiple-key scheme also allows you to use an
"extreme paranoia" key length for your signing key and a "sufficiently
secure for the short term" key length for your working keys.  You can
pre-compute revocation messages for all your low-security keys, and
keep them encrypted with your high-security key[1].

Another drawback to the single-key option is that you may not wish to
have all your different e-mail addresses advertised as 'synonyms' on a
single multi-ID key (e.g. you may want to use one email address for
pseudonymous Usenet rabble-rousing, and another one for serious
private or business correspondence).

--cjb

[1] There is no real requirement to keep a revocation certificate
    encrypted, except that it could be stolen and published as another
    form of denial-of-service attack.  The longer you think about
    this, the more paranoid you get.
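
The pre-computed revocation scheme described in the message above, as an added shell example that is not part of the original post. It assumes GnuPG 2.x with a gpg-agent able to unlock the working keys; the function name `precompute_revocations`, its arguments and the output file naming are hypothetical.

```shell
#!/bin/sh
# Added example: pre-compute a revocation certificate for each working key
# and store it encrypted to the long-lived signing key.
# Usage: precompute_revocations SIGNING_KEY OUTDIR WORK_KEY...
# Assumes GnuPG 2.x; secret keys for every WORK_KEY must be in the keyring.
precompute_revocations() {
    signer=$1; outdir=$2; shift 2
    mkdir -p "$outdir" || return 1
    for key in "$@"; do
        # Name the output after the full fingerprint, not a short key ID.
        fpr=$(gpg --batch --with-colons --list-secret-keys "$key" 2>/dev/null |
              awk -F: '$1 == "fpr" { print $10; exit }')
        [ -n "$fpr" ] || { echo "no secret key for $key" >&2; return 1; }

        # --gen-revoke is interactive and does not run under --batch, so its
        # prompts are answered on stdin: confirm, reason 0 (no reason
        # specified), empty description line, confirm.
        # The plaintext certificate stays in a variable and never hits disk.
        cert=$(printf 'y\n0\n\ny\n' |
               gpg --no-tty --command-fd 0 --gen-revoke "$fpr") || return 1
        [ -n "$cert" ] || return 1

        # Encrypt the certificate to the high-security signing key only.
        printf '%s\n' "$cert" |
            gpg --batch --yes --armor --encrypt --recipient "$signer" \
                --output "$outdir/$fpr.rev.asc" || return 1
        echo "$outdir/$fpr.rev.asc"
    done
}
```

Generating a certificate does not revoke anything: the working key is only revoked once the decrypted certificate is imported and published.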
    

