Hi :-)

Ok,.. it took some time,.. but now I came back to that issue ...

David Shaw wrote:

On Wed, Nov 09, 2005 at 12:53:45AM +0100, Christoph Anton Mitterer wrote:
Or is there perhaps another software that I could use for changing the key usage flags (without damaging my key or changing the format or so). Of course I'd prefer using GnuPG because I trust this the most :-)

Once again,.. I'm only going to do this,.. if it wouldn't have disadvantages for the security. But if the only disadvantage is that I have more work when someone asks me to respond to a challenge I would live with that ;-)

It has absolutely no impact on security, either for or against.  It is
a 90% meaningless flag, and is in fact happily ignored in virtually
all OpenPGP applications.  If you insist on making such a key, the
only impact that you'll notice is that you won't be able to answer
email challenges using GnuPG.

Well,... "insist" ... *g* ... let me explain:
If you look at professional CAs (e.g. DFN-PCA) they clearly state in their Policies that e.g. they'll NEVER use their root keys for signing data but only for signing keys (DFN does this with its root-PGP-keys for example). I think the advantage is,... that other users can at least think that the key is more likely not used in daily-business (with potentially insecure applications,.. Thunderbird,.. etc.) but only when the owner signs a key.
But of course this is only a personal opinion ;-)
However:
=> It is definitely sure that with a C-only primary key (and a S-subkey - of course WITH backsigs) I would NOT lose any security or cryptography strength, at all, right? The only problem is that issue with challenge-response, right?


You sound like you really, really, want to do this.  I'm telling you
it's a bad idea, but it's your key.  You have to be happy with it.

*g* You make me insecure...
But you mean "bad idea" only because of the issues with backsigning, right?

btw: Wouldn't it just work to answer the challenge by signing with the signing subkey? If someone would trust my primary key he should also trust my secondary (because it is bound to the primary by the 0x18-sig), or am I wrong?

Best wishes,
Chris.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
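
The key layout discussed in this message (certify-only primary key, signing subkey bound by a 0x18 signature that carries a backsig) can be checked structurally from the signature subpackets. The following is an added example, not code from this thread or from GnuPG: the function names and sample bytes are constructed, the subpacket types (27 key flags, 32 embedded signature) and the 0x19 primary key binding type are taken from RFC 4880, and no signature is cryptographically verified.

```python
KEY_FLAGS, EMBEDDED_SIG = 27, 32   # signature subpacket types (RFC 4880)
CERTIFY, SIGN = 0x01, 0x02         # bits in the first key-flags octet
BACKSIG_HEAD = b"\x04\x19"         # v4 signature, type 0x19 (primary key binding)

def parse_subpackets(area):
    """Return [(type, body)] from a v4 signature subpacket area."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        hdr = 1 if first < 192 else 2 if first < 255 else 5
        if i + hdr > len(area):
            raise ValueError("truncated subpacket length")
        if hdr == 1:
            length = first
        elif hdr == 2:
            length = ((first - 192) << 8) + area[i + 1] + 192
        else:
            length = int.from_bytes(area[i + 1:i + 5], "big")
        i += hdr
        if length < 1 or i + length > len(area):
            raise ValueError("malformed subpacket")
        out.append((area[i] & 0x7F, area[i + 1:i + length]))  # drop critical bit
        i += length
    return out

def key_flags(subpackets):
    """First key-flags octet, or None when the subpacket is absent."""
    return next((b[0] for t, b in subpackets if t == KEY_FLAGS and b), None)

def has_backsig(subpackets):
    """True if an embedded v4 signature of type 0x19 is present."""
    return any(t == EMBEDDED_SIG and b[:2] == BACKSIG_HEAD for t, b in subpackets)

def check_layout(primary_hashed, subkey_hashed, subkey_unhashed=b""):
    """Structural findings only (assumption: signatures are verified elsewhere)."""
    findings = []
    if key_flags(parse_subpackets(primary_hashed)) != CERTIFY:
        findings.append("primary key is not certify-only")
    hashed = parse_subpackets(subkey_hashed)
    flags = key_flags(hashed)  # flags are only trusted from the hashed area
    if flags is None or not flags & SIGN:
        findings.append("subkey is not flagged for signing")
    elif not has_backsig(hashed + parse_subpackets(subkey_unhashed)):
        findings.append("signing subkey has no 0x19 backsig")
    return findings

# Constructed sample areas (the embedded signature is a zero-padded stub).
PRIMARY = bytes([5, 2, 0x43, 0x71, 0, 0, 2, 27, CERTIFY])
SUBKEY_HASHED = bytes([2, 27, SIGN])
SUBKEY_UNHASHED = bytes([192, 13, 32]) + BACKSIG_HEAD + bytes([1, 2]) + bytes(200)
```

`check_layout(PRIMARY, SUBKEY_HASHED, SUBKEY_UNHASHED)` returns an empty list; leaving out the unhashed area reports the missing backsig.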
