On Fri, Mar 25, 2016 at 10:21 AM, Ben McGinnes <b...@adversary.org> wrote: > > Primary keys MUST be C-usage and MAY be SCA usage, by default they're > SC, but simply creating an S-usage subkey moves the S function to the > subkey (by default GPG will select the newest subkey with a given > capability to perform that function). Since default key generation > does not include authentication (A) keys for SSH, the result is > usually an SC master with an E subkey of matching bit sizes. >
Thanks for this explanation. I beleive that an A key (or subkey) that is never used, does not hurt. So, my default is to create one. On the other hand, if an A key is created, I beleive that it is better for it to be a subkey, rather than a primary key. The reason is that an A key most probably needs to be used frequently (for example daily), but you may wish to keep a primary key offline, and these two requirements conflict with each-other.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
