Hi! I'm currently helping my workplace test out Yubikeys - to see how/if they could help us with our software development. One expected benefit is to allow developers cryptographically sign Git commits/tags (e.g).
My question is based on this awesome answer by Thomas Pornin: https://security.stackexchange.com/a/43591; *In a work-environment, what benefits does one gain by having separate Authentication/Signing (sub)keys?* I understand and agree with the rationale of keeping a separate Encryption key (so that this could be shared with your employer), but that rationale does not extend for Signing/Authenticating (presuming a trustworthy workplace which doesn't need to fake authentication/signing of employees). -- Med vennlig hilsen/Kind regards, Christian Chavez Phone/Tlf: +47 922 22 603
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
