On 22 Mar 2016, at 22:10, Dashamir Hoxha <dashoho...@gmail.com> wrote:
>> On Tue, Mar 22, 2016 at 10:21 PM, Peter Lebbing <pe...@digitalbrains.com>
>> wrote:
>> And why is your primary key capable of encryption? One of the reasons for
>> subkeys is so you don't have to use the same key material for both encryption
>> and signing, since this opens up some subtle points of attack that are easily
>> avoided.
>
> What is wrong with that? As long as there is a subkey for encryption, gpg
> will use the subkey for encryption, even if the primary key is capable of
> encryption.

Please please for the love of all that is sweet and beautiful in the world
don't make an encryption-usage primary key. If you ignore everything else Peter
has said, please don't ignore this. There are no benefits whatsoever to making
an E-usage primary key, and plenty of reasons not to. And unlike expiry dates
which can be fixed later, once you have E enabled on a primary key you can't
remove it without hacking the innards of the data structure.

IMHO the only thing to do with E-usage primary keys is revoke them and start
again from scratch. The only reason they are even still allowed in GPG is for
backwards compatibility, right...?

A
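
Added example (not part of the original message or of GnuPG itself): a shell check that finds the E-usage primary keys discussed above in `gpg --list-keys --with-colons` output. It relies on field 12 of a pub/sec record, where lowercase letters are the primary key's own capabilities and uppercase letters summarise the whole key; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Report primary keys whose OWN usage flags include encryption.
# Reads `gpg --list-keys --with-colons` output on stdin.
# Field 12 (capabilities): lowercase = this key, uppercase = whole key
# including subkeys, so only a lowercase "e" on a pub/sec record matters.
audit_primary_usage() {
    awk -F: '
        function flush() {
            if (id != "" && caps ~ /e/)
                printf "%s primary=%s enc-subkey=%s\n", id, caps, (encsub ? "yes" : "no")
        }
        $1 == "pub" || $1 == "sec" {
            flush()
            id = $5; caps = $12; encsub = 0
            gsub(/[ESCAD]/, "", caps)   # drop whole-key summary letters
            next
        }
        # Note whether a separate encryption subkey exists as well.
        ($1 == "sub" || $1 == "ssb") && $12 ~ /e/ { encsub = 1 }
        END { flush() }
    '
}

# Constructed sample listing: key IDs, dates and user IDs are made up.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAAA:1458000000:::u:::escESC:
uid:u::::1458000000::::Constructed One <one@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1458000000::::::e:
pub:u:4096:1:CCCCCCCCCCCCCCCC:1458000000:::u:::scESC:
uid:u::::1458000000::::Constructed Two <two@example.org>:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1458000000::::::e:
pub:u:2048:1:EEEEEEEEEEEEEEEE:1458000000:::u:::escESC:
uid:u::::1458000000::::Constructed Three <three@example.org>:
EOF
}

# Run on the sample; on a real keyring use:
#   gpg --list-keys --with-colons | audit_primary_usage
sample_listing | audit_primary_usage
```

The second sample key (primary "sc" plus an "e" subkey) is the layout Peter describes and is not reported; the first is reported even though it has an encryption subkey, because the primary key itself still carries the E flag.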