On 02/20/2017 05:49 PM, Peter Lebbing wrote:
> So perhaps one key per device is superior, also for detecting which client
> system was compromised by looking at the SSH auth logs on the server
> (supposing the attacker didn't gain root privileges and wiped his traces
> immediately). But I think it's not a very significant difference, or did I
> miss a scenario?

Revocation of the specific subkey is automatically picked up by all
systems due to automatic refresh of the public key at regular intervals,
without losing access to the system from non-compromised devices.

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Qui audet vincit
Who dares wins


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
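
The refresh behaviour described in the reply above, as an added example that is not part of the original thread: it assumes a server-side job that runs `gpg --refresh-keys` and then parses `gpg --with-colons --list-keys` output to decide which per-device authentication subkeys may still log in. The key IDs, the two listings and the function names are constructed for illustration.

```python
# Constructed `gpg --with-colons --list-keys` output: one primary key with an
# authentication subkey per device, plus one encryption subkey.
BEFORE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1480000000:::u:::scESC:
uid:u::::1480000000::0000::Example User <user@example.org>:
sub:u:2048:1:BBBBBBBBBBBBBBB1:1480000100::::::a:
sub:u:2048:1:BBBBBBBBBBBBBBB2:1480000200::::::a:
sub:u:2048:1:BBBBBBBBBBBBBBB3:1480000300::::::a:
sub:u:2048:1:CCCCCCCCCCCCCCC1:1480000400::::::e:
"""
# Same key after a refresh that fetched a revocation for the second device.
AFTER = BEFORE.replace("sub:u:2048:1:BBBBBBBBBBBBBBB2", "sub:r:2048:1:BBBBBBBBBBBBBBB2")

# Field 2 validity values that must not grant access:
# r = revoked, e = expired, i = invalid, d = disabled.
UNUSABLE = {"r", "e", "i", "d"}

def auth_subkeys(listing):
    """Return {keyid: validity} for every authentication-capable subkey."""
    found = {}
    for line in listing.splitlines():
        f = line.split(":")
        # Field 1 is the record type, field 5 the key ID, field 12 the
        # capabilities; lowercase "a" marks an authentication subkey.
        if f[0] == "sub" and len(f) > 11 and "a" in f[11]:
            found[f[4]] = f[1]
    return found

def usable(listing):
    """Key IDs of authentication subkeys that are still valid."""
    return sorted(k for k, v in auth_subkeys(listing).items() if v not in UNUSABLE)

def to_remove(previously_authorized, listing):
    """Key IDs that were authorized before the refresh and must lose access."""
    return sorted(set(previously_authorized) - set(usable(listing)))

if __name__ == "__main__":
    allowed = usable(BEFORE)
    print("authorized before refresh:", allowed)
    print("drop after refresh:       ", to_remove(allowed, AFTER))
    print("still authorized:         ", usable(AFTER))
```

Only the revoked device's subkey is dropped; the other devices keep access, and the encryption subkey is never considered for login.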
