1 Feb 2009 18:21
"Roles" for subkeys?!
Christoph Anton Mitterer <calestyo <at> scientia.net>
2009-02-01 17:21:23 GMT
Hi WG!

Let me just pick the following from another thread up and fork it here:

On Sat, 2009-01-31 at 22:17 -0500, David Shaw wrote: Subkeys aren't really usable for roles. > I've always missed that,... User IDs make great roles. > Subkeys can be used by anyone who cares to, so if you have two > encryption keys, even though you intend one for "home" and one for > "work", you have no way to tell me which one you want me to use, and > even if you did, I could use the other one if I wanted to.

One advantage of subkeys is that one can use them independently from the primaries. I mean you don't need a copy of the primary private key to decrypt data encrypted with a public encryption subkey, or you don't need it to sign data with the secret signing subkey. gnupg even has some options to create such crippled keys, and they're good to use in e.g. less secure environments like my work PC, which every sysadmin has access to (Klaus, if you read this, it's not that I wouldn't trust you ;) )...

So far I don't need subkey roles,... but the problem now is,...

1. When one of my LHC/LCG/Grid/etc contacts sends me encrypted data,... he doesn't know which encryption subkey to choose, as you've said. And thus I'll probably be unable to decrypt the message (at least at work).
2. When I make signatures with my different subkeys, I'd like people to see it when I used my not-so-secure work signing subkey (perhaps something that the user agent adds like <User ID> + "(this is my insecure work signing key)".

I know that it is currently not possible to do this,.. but is there any interest in such things?

Regards,
--
Christoph Anton Mitterer
Ludwig-Maximilians-Universität München
christoph.anton.mitterer <at> physik.uni-muenchen.de
mail <at> christoph.anton.mitterer.name