Rationale/reasons for splitting Sign and Authenticate into two separate subkeys in a work-environment?

Christian Chavez x10an14 at gmail.com
Tue Dec 22 16:20:25 CET 2020


Nvm, apologies for the spam.
I retract my question now after having conferred with a third-party.

I understand now your hypothetical scenario - thanks!

Does anyone else have any thoughts on the reduced complexity of juggling
multiple (sub?)keys vs the security implications of not separating
Authentication/Signing to different (sub?)keys?

On Tue, Dec 22, 2020 at 4:16 PM Christian Chavez <x10an14 at gmail.com> wrote:

> Hi Dirk-Willem!
> Thanks for your reply - but I'm unfortunately lost as to your (what I
> surmise is your implied) hypothetical use-case?
>
> Ref:
> On Tue, Dec 22, 2020 at 2:56 PM Dirk-Willem van Gulik <
> dirkx at webweaving.org> wrote:
>
>> Keep in mind that in some workplaces the building of that trust
>> explicitly includes the need for counter-intelligence - and hence a
>> legitimate use of fake signatures.
>> Though I have a hard time imagining a use case in the european private
>> sector for that.
>>
>
> Would you mind elaborating on when you'd foresee/imagine such a
> non-european/non-private sector have a need for this?
> There's nothing that would stop the user in question utilizing multiple
> separate "main" keys, and not just separate sub-keys per A, S, E
> capability  in your scenario (even when A and S capabilities reside on the
> _same_ private/public sub-key pair).
>
> --
> Med vennlig hilsen/Kind regards,
> Christian Chavez
> Phone/Tlf: +47 922 22 603
>


-- 
Med vennlig hilsen/Kind regards,
Christian Chavez
Phone/Tlf: +47 922 22 603
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20201222/533915c5/attachment.html>


More information about the Gnupg-users mailing list