On Tue, 16 Jul 2013 01:16, martin.brochh...@gmail.com said:

> This person claims that subkeys are not the best option because:
>
> ### QUOTE ###
>
> Disadvantages of subkeys:
>
> * I find them Confusing.

They are a mandatory part of the standard and solve the problem of having separate keys for separate purposes (at least encryption and signing).

> * There are disturbingly many (i.e., any at all) bug reports on the web
> about gpg software handling subkeys incorrectly.

I am not aware of any problems with them. They have been with us for 15 years!

> * It is possible to export a subkey and attach it to a different primary
> key, creating a potential security hole.

That is only possible for the owner of the primary key. It is further not possible to add a signing subkey if you can't create a signature with that signing subkey. There is no problem adding a foreign encryption subkey to your key: Either you can use (know the protection passphrase) that subkey - then you are the owner; or you can't use it - then it is useless.

> * No ability (without a lot of hassle, anyway) to use different passphrases
> on primary and subkeys.

gpg works correctly if you have different passphrases. I use a different one for my offline key than for my subkey-only online key. For the user experience different passphrases are the worst thing you can do. Remembering a passphrase is difficult enough; entering two different passphrases for sending mail (signing) and reading mail (decryption) is a no-go.

> I would like to know if David Soergel's approach has any flaws. As I
> understand it, it works the same as using real subkeys, I would create two
> normal keys, declare one to be my master key and one to be my first subkey.

Oh dear, that is Lutz's pgp 2.6 approach which fortunately led to a solid spec named OpenPGP.

> Any reasons why I should stick to GPGs "native" subkey feature?

Yes, because that is a core concept of OpenPGP.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
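The reply's point about attaching a subkey to a different primary key can be modelled as the check a verifier makes. The following is an added example, not part of the thread and not GnuPG code. It assumes a toy model: unpadded textbook RSA over constructed keys built from Mersenne primes, with 0x18 and 0x19 standing for OpenPGP's subkey binding and primary key binding (back-signature) types; all function names are hypothetical.

```python
import hashlib

def mersenne(k):
    return 2**k - 1  # prime for the exponents used below (61, 89, 107, 127, 521, 607)

def make_key(p, q, e=65537):
    """Constructed textbook-RSA key: tiny and unpadded, for illustration only."""
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def digest(sigtype, primary, subkey, n):
    # Both binding signatures cover the signature type, the primary and the subkey.
    data = f"{sigtype}:{primary['n']}:{subkey['n']}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(secret, sigtype, primary, subkey):
    return pow(digest(sigtype, primary, subkey, secret["n"]), secret["d"], secret["n"])

def verify(signer, sig, sigtype, primary, subkey):
    if sig is None:
        return False
    return pow(sig, signer["e"], signer["n"]) == digest(sigtype, primary, subkey, signer["n"])

def accept_subkey(primary, subkey, usage, binding_sig, back_sig=None):
    """Verifier rule: 0x18 from the primary always; 0x19 from a signing subkey too."""
    if not verify(primary, binding_sig, 0x18, primary, subkey):
        return False
    return usage != "sign" or verify(subkey, back_sig, 0x19, primary, subkey)

def scenarios():
    owner = make_key(mersenne(89), mersenne(107))
    sub = make_key(mersenne(61), mersenne(127))
    other = make_key(mersenne(521), mersenne(607))
    P, S, O = public(owner), public(sub), public(other)
    bind_o = sign(other, 0x18, O, S)  # the other primary can always sign a binding
    return {
        # Owner binds their own signing subkey: both signatures can be made.
        "own_signing": accept_subkey(P, S, "sign", sign(owner, 0x18, P, S), sign(sub, 0x19, P, S)),
        # Another primary adopts the subkey without its secret: no valid back-signature.
        "foreign_signing": accept_subkey(O, S, "sign", bind_o, sign(other, 0x19, O, S)),
        # Reusing the owner's back-signature fails: it covers primary P, not O.
        "replayed_backsig": accept_subkey(O, S, "sign", bind_o, sign(sub, 0x19, P, S)),
        # A foreign encryption subkey binds, but O's holder lacks its secret: useless.
        "foreign_encryption": accept_subkey(O, S, "encrypt", bind_o),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

Real OpenPGP signatures hash full key packets and use padded signature schemes; only the acceptance logic is modelled here.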