Re: [PGP-USERS] Limited utility of master/subkey
-----BEGIN PGP SIGNED MESSAGE-----
Clive Jones wrote:
> I don't think what you're trying to do is a good idea.

I appreciate your concerns, but I do not share your conclusions.

The care I take with a key and its passphrase *is* related to its
value, which is in turn related to its lifetime. I may use a simpler
passphrase for a key that deals with short-term messages than ones
that guard other personal data or that signs other keys. I also
attach a shorter expiration time to those less valuable keys.

I also believe that the more a key is used, the greater chance
of a compromise due to malice *or accident*.

The ability to generate new subkeys seems to match my model.
If my subkey were always as valuable as my master key, why would
I ever generate another subkey?

If the keys have different values, why is it unreasonable to
allow different passphrases? No, it's not the only (or even
best) way to mitigate risk, but I believe it can help.

> Isn't it far simpler just to make a separate key-signing key, rather
> than looking for a way to do this with subkeys? This is certainly a
> method a lot of people have used for years.

I am doing just that. The *only* reason that it is simpler is that
the tools have this limitation. This requires that human beings
recognize that these keys are related (or grant my key-signing key
greater trust than otherwise necessary).

When PGP moved to DSA/DH, this could have been the solution: simply
have two independent keys. That would have been just as unwieldy.

The master/subkey approach recognizes the utility in the tools
understanding a relationship between the keys. That utility does not
depend on the keys having equal value -- in fact, it suggests the
opposite -- nor does it depend on them having the same passphrase.

I'm not suggesting that the tools shouldn't make it easy for someone
to use the same passphrase for all the related keys -- clearly that
suits most people's needs. I'm simply suggesting that they should
allow for more advanced use. And certainly, when faced with
an imported OpenPGP-compliant master/subkey group with different
passphrases, it ought to behave reasonably.

And for what it's worth, GNUPG does behave. (Thanks, Werner :-).
PGP6 does not. I can't buy a personal PGP7 yet (or see source),
so for it, I can't say.
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
-----END PGP SIGNATURE-----