Encryption to key with multiple subkeys

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed May 12 00:44:37 CEST 2010


On 05/11/2010 05:02 PM, markus reichelt wrote:
> Nope. More to the point, think about people having both private UID
> and business UID on the same key - the way you describe it could mix
> things up badly.

But UIDs aren't bound to subkeys (they're bound to the primary key, just
as the subkeys are bound to the primary key), so i'm not sure we have a
good way to handle the use case you describe in OpenPGP at all.

> (I guess you know how to tell people to use a specific subkey)

you mean by keyID or fingerprint?  that's brittle and unintelligible for
most people.

I'm not suggesting that joke's proposal of
encrypt-to-all-encryption-capable-subkeys is the right choice, but it's
not clear that there's any particular reason to prefer one key over
another (perhaps if you were introducing a new asymmetric algorithm,
you'd want to keep your old RSA encryption key around for users who
don't have support for the new algorithm).

I don't see any guidance in RFC 4880 about how to select an
encryption-capable subkey if there is more than one (but maybe i'm not
looking in the right place)

	--dkg
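An added illustration of the point above, not part of the original message or of GnuPG's own code: it parses constructed `gpg --with-colons` style output for a key with two UIDs and several subkeys, and shows that every UID resolves to the same set of usable encryption-capable subkeys, since the format (like OpenPGP itself) has no UID-to-subkey binding. The function names are hypothetical, and grouping by algorithm with newest first is only one possible way to present the candidates, not a rule from RFC 4880.

```python
# Added illustration: parse `gpg --with-colons` style output for one key.
# SAMPLE is constructed; the key IDs, dates and user IDs are not real.
SAMPLE = """\
pub:u:2048:1:AAAAAAAAAAAAAAAA:1199145600:::u:::scESC:
uid:u::::1199145600::0000000000000000000000000000000000000000::Alice (private) <alice@example.org>:
uid:u::::1199145600::1111111111111111111111111111111111111111::Alice (work) <alice@example.com>:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1199145600::::::e:
sub:u:2048:16:CCCCCCCCCCCCCCCC:1262304000::::::e:
sub:u:2048:1:DDDDDDDDDDDDDDDD:1262304000::::::s:
sub:r:2048:1:EEEEEEEEEEEEEEEE:1230768000::::::e:
"""

ALGO = {"1": "RSA", "16": "Elgamal"}   # RFC 4880 public-key algorithm IDs
UNUSABLE = set("ired")                 # invalid, revoked, expired, disabled

def parse_key(colons):
    """Return (user IDs, usable encryption-capable subkeys) for one key."""
    uids, subkeys = [], []
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] == "uid":
            uids.append(f[9])              # field 10: user ID string
        elif f[0] == "sub" and len(f) > 11:
            # field 2: validity, field 12: capabilities ("e" = encryption)
            if "e" in f[11] and f[1] not in UNUSABLE:
                subkeys.append({"keyid": f[4], "algo": ALGO.get(f[3], f[3]),
                                "created": int(f[5])})  # assumes epoch seconds
    return uids, subkeys

def candidates_per_uid(colons):
    """Every UID gets the same candidates: nothing ties a UID to a subkey."""
    uids, subkeys = parse_key(colons)
    ids = [k["keyid"] for k in subkeys]
    return {uid: list(ids) for uid in uids}

def candidates_by_algo(colons):
    """Group candidates by algorithm, newest first within each group."""
    _, subkeys = parse_key(colons)
    groups = {}
    for k in sorted(subkeys, key=lambda k: k["created"], reverse=True):
        groups.setdefault(k["algo"], []).append(k["keyid"])
    return groups

if __name__ == "__main__":
    print(candidates_per_uid(SAMPLE))
    print(candidates_by_algo(SAMPLE))
```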
