multiple subkeys and key transition

Ben McGinnes ben at adversary.org
Sat Dec 11 21:29:05 CET 2010


On 12/12/10 7:21 AM, David Shaw wrote:
> On Dec 11, 2010, at 2:55 PM, Ben McGinnes wrote:
>>
>> Cool.  On a tangential note, could this be used as a basis for
>> applying a PKI/WoT model to certification of SSL keys, rather than
>> relying on CAs?
> 
> Yes indeed.  See http://web.monkeysphere.info/ for a project using
> the WoT for both SSH and HTTPS.

Awesome, I'm definitely going to have to take a look at this.

Grant, thanks for mentioning it too.  :)

>> I assume this means that if the primary key can sign & certify, that
>> key will still be used to sign other keys even if there is a specific
>> signing subkey for messages and files.  Right?
> 
> Right.  Since only the primary can certify, it will be automatically
> chosen whenever you try to sign another key.

Cool, I'm glad I'm on the right path.


Regards,
Ben
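
The key selection discussed in this message, as an added example that is not part of the original post: it reads a `gpg --list-keys --with-colons` style listing and reports which key would be used for each capability. The sample listing, key IDs and function names are constructed for illustration, and preferring the newest usable subkey for signing is an assumption about GnuPG's default choice.

```python
# Constructed sample in `gpg --list-keys --with-colons` format (key IDs are made up).
# Field 2 = validity, field 5 = key ID, field 6 = creation time, field 12 = capabilities.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAA1:1262304000:::u:::scESC:
uid:u::::1262304000::0000::Example User <user@example.org>:
sub:u:2048:1:BBBBBBBBBBBBBBB2:1262304000::::::e:
sub:u:2048:1:CCCCCCCCCCCCCCC3:1262304000::::::s:
sub:u:2048:1:DDDDDDDDDDDDDDD4:1291161600::::::s:
sub:r:2048:1:EEEEEEEEEEEEEEE5:1291900000::::::s:
"""

UNUSABLE = set("redin")  # revoked, expired, disabled, invalid, not valid


def parse_keys(listing):
    """Return one dict per pub/sub record in a colon-delimited listing."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub") and len(f) > 11:
            keys.append({
                "primary": f[0] == "pub",
                "validity": f[1],
                "keyid": f[4],
                "created": int(f[5]),
                # Lowercase letters are this key's own capabilities;
                # uppercase on the pub line summarise the whole key.
                "caps": {c for c in f[11] if c.islower()},
            })
    return keys


def pick_key(keys, cap):
    """Key ID used for capability cap ('c', 's', 'e' or 'a'), or None."""
    usable = [k for k in keys
              if cap in k["caps"] and k["validity"] not in UNUSABLE]
    if cap == "c":
        # As stated in the thread: only the primary key certifies other keys.
        usable = [k for k in usable if k["primary"]]
    # Assumption: a usable subkey is preferred over the primary, newest first.
    pool = [k for k in usable if not k["primary"]] or usable
    return max(pool, key=lambda k: k["created"])["keyid"] if pool else None


if __name__ == "__main__":
    parsed = parse_keys(SAMPLE)
    for cap in "cse":
        print(cap, pick_key(parsed, cap))
```
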
