* 2021-06-22 10:46:58+0200, Marco Möller wrote:

> Regarding openPGP usage, it is recommended in several user guides to
> keep the primary key offline and keeping on the main computer only
> subkeys.

I have read some of such guides. They imply considerations about relevant threats but unfortunately they often fail to define their threat model. They also don't acknowledge the fact that their threats are not relevant to all people. Crypto nerds like to create perfect (?) security systems.

A user certainly can keep his primary key outside his usual key ring. It may build an extra barrier (together with passphrase) for others to steal and use the key -- or for the owner to lose it. But if you don't consider this a relevant threat then there is no need to keep your primary key far and offline. Key management guides don't know what is relevant to you.

--
/// Teemu Likonen - .-.. https://www.iki.fi/tlikonen/
// OpenPGP: 4E1055DC84E9DFF613D78557719D69D324539450