On 1/23/12 9:18 AM, Chris Poole wrote: > If the only purpose of the primary key (in my case, where I have subkeys for > signing and encryption) is to sign the subkeys
How do you enforce that? If it is technically possible to sign a document with your primary key, then good luck telling a judge "no, Your Honor, this signature isn't valid, it was made with my primary key and I only use my signing subkey for documents." You may say the only purpose of the primary key is to sign the subkeys, but if it's technically possible for the primary key to sign documents then the purpose of the primary key is to sign documents. This is why I think it's kind of absurd to have a larger signing subkey than the primary key. The weak link in the chain is going to be the primary key. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users