controlling the use of subkeys
Mike Frysinger
vapier at gentoo.org
Sun Dec 24 02:37:03 CET 2006
On Saturday 23 December 2006 20:11, Robert J. Hansen wrote:
> Mike Frysinger wrote:
> > and what would you suggest ? create brand new key sets when the
> > previous one expires ? i thought one of the points of subkeys is to
> > minimize this sort of management
>
> The best way to minimize management is to reduce the amount of stuff
> that needs to be managed.
>
> There almost certainly exist specialized applications where key expiry
> makes a lot of sense. But in general, I think most people who set their
> keys to expire do so without really thinking about what clear benefits
> it gives them, or what specific problem of theirs it will solve.
>
> If you can point to a specific requirement or need of the Gentoo
> community which key expiry will help address, then by all means, go for
> it. Otherwise, simplify your management by removing expiries.
ok, but i think this is a different aspect than what we're talking about
here ... sep keys means different uid's whereas a subkey is bound to the same
uid ... people sign my uid and i have signing subkeys versus people sign my
uid, i create a new key/uid and sign that with my own key
subkeys can have expiration limits placed on them as well, so i dont see how
your thoughts here are specific to saying "subkeys are the wrong way of doing
things" ... what'd i miss ?
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20061223/0a8a7a2a/attachment.pgp
More information about the Gnupg-users
mailing list