RE: OpenPGP Sub Keys (Was: key flag for authentication)

[Ian Brown <I.Brown@xxxxxxxxxxxx>]

Imad R. Faiad wrote:
> I would like to propose that signing sub keys be disallowed 
> in OpenPGP.

This would stop people keeping their master signing key on a more secure
offline machine, and using it to sign shorter-lifetime signing subkeys
which can be used on a day-to-day basis to sign messages :(

> As I understand it, sub keys are only justified in the following
> circumstances:-
> 1) When the public key algorithm does not support encryption 
> (e.g. DSA).
> 2) In agreement with a school of thought, which recommends that
>    it is good practice not to use the same key for signing and
>    encryption.

(2) is vital in countries where decryption but not signature keys can be
seized by law enforcement agencies and others:
http://www.acsac.org/2000/papers/47.pdf

> Any other arguments beyond the above, are just 
> eccentricities, and will be better addressed by creating another key.

Another "eccentricity" I am fond of is short-lifetime encryption subkeys
that can be deleted once they have expired, reducing the impact of the
above-mentioned key seizure powers. I currently (manually) generate such
keys valid for one month; if I ever got round to automating this, I
would go for a week or less...
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA127BBD5