key management & APG

Philipp Klaus Krause pkk at spth.de
Sun Aug 4 10:00:49 CEST 2013


Am 03.08.2013 14:51, schrieb Hauke Laging:
> Am Sa 03.08.2013, 12:16:56 schrieb ix4svs at gmail.com:
> 
>> On 30 July 2013 22:30, <ix4svs at gmail.com> wrote:
> 
>>> I only need one GPG identity for now. I also use GPG on devices of two
>>> classes: "Secure" and "insecure". I would like to take some operational
>>> security (OPSEC) precautions to minimize my pain when my insecure devices
>>> get compromised.
> 
> You should consider using two keys for the same identity and very obviously 
> give them different security levels.  IMHO that's what we all are going to do 
> in five years.
> 
> Then the sender can decide how confidential the information is (or how 
> reliable the signature must be).

You mean creating two separate keys for the same email address? And sign
each with the other?
Anyone else will have to sign both of my keys for this address?
How would I document the security levels? Use the comment field? Will
current software make the choice easy for the people sending mail to me,
or will their mail program just choose one of the keys without asking
the user?

Philipp




More information about the Gnupg-users mailing list