On 1/23/12 9:18 AM, Chris Poole wrote:
> If the only purpose of the primary key (in my case, where I have subkeys for
> signing and encryption) is to sign the subkeys

How do you enforce that?  If it is technically possible to sign a
document with your primary key, then good luck telling a judge "no, Your
Honor, this signature isn't valid, it was made with my primary key and I
only use my signing subkey for documents."

You may say the only purpose of the primary key is to sign the subkeys,
but if it's technically possible for the primary key to sign documents
then the purpose of the primary key is to sign documents.

This is why I think it's kind of absurd to have a larger signing subkey
than the primary key.  The weak link in the chain is going to be the
primary key.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
