Hi!

I'm currently helping my workplace test out Yubikeys - to see how/if they
could help us with our software development. One expected benefit is to
allow developers cryptographically sign Git commits/tags (e.g).

My question is based on this awesome answer by Thomas Pornin:
https://security.stackexchange.com/a/43591;
*In a work-environment, what benefits does one gain by having separate
Authentication/Signing (sub)keys?*

I understand and agree with the rationale of keeping a separate Encryption
key (so that this could be shared with your employer), but that rationale
does not extend for Signing/Authenticating (presuming a trustworthy
workplace which doesn't need to fake authentication/signing of employees).
-- 
Med vennlig hilsen/Kind regards,
Christian Chavez
Phone/Tlf: +47 922 22 603
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to