On 1/4/2020 10:10 AM, Robert J. Hansen wrote: >> Following my thread at (1), unless I'm missing something, it became >> apparent that Enigmail/Tunderbird does not fit the bill anymore. > > It should be noted that Enigmail hasn't changed how it does anything. >
No argument there, Patrick is doing an outstanding job with Enigmail. I should have said that enigmail does not fit the bill for my needs anymore, sorry about that. >> My goal is to sign code and sign/encrypt e-mail but I'm not sure what's >> the best way forward: > > We don't know, either. It's going to depend on your own personal risk > profile. > >> - Am I missing something/better approach > > If you want to segregate your code signing from your email, the best way > to do that is with a second certificate -- not adding subkeys to your > current one. > > Ask yourself this: how often have you noticed that my signed messages > bear *two* signatures from *two* subkeys belonging to the same > certificate? I've been doing this for years and nobody's ever noticed. > (Or at least, nobody's ever mentioned it to me to ask why I'm doing > something so weird.) > > So if you're depending on people ascribing special semantic value to > which subkey is used -- honestly, I doubt people will ever even notice > which subkey you're using. It's simply not a use case that comes up > very often, if ever. > >From the answer in this thread, it looks like having two key pares (one for signing and one for e-mailing) is somewhat more flexible but this approach is more complicated for the web of trust. I guess , I'll go with separate key pares. Thanks Robert for your answer in all my threads! :) I'd like to also thank (1) for his answer, and (2) for his answer in an other thread (3). 1) Wiktor Kwapisiewicz <wik...@metacode.biz> 2) Konstantin Ryabitsev <konstan...@linuxfoundation.org> 3) https://lists.gnupg.org/pipermail/gnupg-users/2020-January/063190.html -- John Doe _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
