John Scott via Gnupg-users wrote:
> Reduce, reuse, and recycle: why make a fresh public key pair when you can
> reduce, reuse, and recycle one you've already got?

Simple: to limit the exposure of the corresponding private key and the work required to rotate any given keypair. Closely related, if different applications use different cryptographic keypairs (i.e. subkeys) you also have some indication where your private key got leaked based on which subkey was compromised. This could be very important for tracking down an unknown exploit, since it tells you where to start looking.

OpenPGP does have a solution to this problem (subkeys) that I hope Monkeysphere will fully support. Will there be support for importing, say, a Tor onion service keypair onto an OpenPGP certificate as a subkey? (Obviously, tying Tor onion services to OpenPGP certificates blows the whole "anonymous" thing to bits, but Tor onion services have other uses, too.) Or, perhaps more practically, importing an existing OpenSSH keypair as an OpenPGP subkey?


-- Jacob

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
