Seperate RSA subkeys for decryption and signing or one for both?

[Peter Lebbing]

RFC 4880 says this in the "Security Considerations" part:

>   * Many security protocol designers think that it is a bad idea to use
>      a single key for both privacy (encryption) and integrity
>      (signatures).  In fact, this was one of the motivating forces
>      behind the V4 key format with separate signature and encryption
>      keys.  If you as an implementer promote dual-use keys, you should
>      at least be aware of this controversy.

Where's your question coming from? As a theoretical musing, it's interesting. In
practice, I don't see why you would ever create a subkey with both capabilities
set.[1]

Also note that it is useful to keep around (and backup) an encryption subkey, to
decrypt old stuff. A primary key is useful to backup as it collects
certifications. But a signing subkey is not useful to keep around. You might
want to refresh your signing subkey more often than your encryption key for that
reason.

Peter.

[1] That doesn't mean there is no reason.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>