Keytypes and changing them
David Shaw
dshaw at jabberwocky.com
Tue Nov 29 05:25:04 CET 2005
On Tue, Nov 29, 2005 at 04:08:06AM +0100, Christoph Anton Mitterer wrote:
> If you look at professional CAs (e.g. DFN-PCA) they clearly state in
> their Policies that e.g. they'll NEVER use their root keys for signing
> data but only for signing keys (DFN does this with its root-PGP-keys for
> example).
> I think the advantage is,... that other users can at least think that
> the key is more likely not used in daily business (with potentially
> insecure applications,.. Thunderbird,.. etc.) but only when the owner
> signs a key.
> But of course this is only a personal opinion ;-)
> However:
> => It is definitely sure that with a C-only primary key (and a S-subkey
> - of course WITH backsigs) I would NOT lose any security or
> cryptography strength, at all, right? The only problem is that issue
> with challenge-response, right?
This is not a cryptographic question. The key is the same either way.
This is just a flag that says "I intend this key to be used for
xxxxxx".
And - this is the important bit - the user can *reissue the flags as
desired*. I can make my key claim to be anything I like, and then
change it 5 seconds later. Anyone who bases any decisions on what
flags the key has is fooling themselves.
> btw: Wouldn't it just work to answer the challenge by signing with the
> signing subkey? If someone would trust my primary key he should also
> trust my secondary (because it is bound to the primary by the 0x18-sig),
> or am I wrong?
No. A certification signature is made over the primary key and the
user ID. A signing subkey is not involved in this, and is thus not
really able to answer the challenge.
David