On Mon, May 2, 2011 at 16:47, <patric...@lavabit.com> wrote:

> My idea is to create a master signing key on an offline
> computer (persistent live usb). Then create two subkeys that have regular
> expiration dates. One encryption key and one additional "daily-use"
> signing key. I would post my master key in my signature and use it to
> sign the sub-keys. When sending mail I would use my daily use key to sign
> my messages. I would only access and use my master key when it is
> necessary to sign other keys and update my sub keys. Would this create any
> problems for those reading and verifying my emails?

If you are talking about actual sub-keys (not separate keys that are only semantically "sub-keys"), then there is no problem. However, they might have to get the latest key copy including the sub-keys to verify, and they definitely need the encryption sub-key to encrypt.

> Would it be necessary
> to link to my key policy in my mail or would it be seamless that my sub
> signing key is valid because it is signed by the master.

An encryption sub-key is used to encrypt to the resp. uid on the master key. A signing sub-key is implied to belong to the same uid as well. So, it's seamless.

--
Jerome Baum
Telefon: +49-1578-8434336
E-Mail: jer...@jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
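The reply above notes that correspondents may need the latest copy of the key, including its sub-keys, to verify and to encrypt. The following is an added example, not part of the original thread: it reads `gpg --with-colons --list-keys` output and reports whether a given copy of a public key still carries a usable signing and encryption sub-key. The key listings, key IDs and function names are constructed for illustration, and it assumes the layout discussed in the thread, where the master key only certifies and all daily work is done by sub-keys.

```python
import time

# Constructed `gpg --with-colons --list-keys` output (not a real key):
# a certify-only master key plus one signing and one encryption sub-key.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1304294400:::u:::cESC:
uid:u::::1304294400::0000000000000000000000000000000000000000::Example User <user@example.org>:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1304294400:1335830400:::::s:
sub:u:2048:1:CCCCCCCCCCCCCCCC:1304294400:1335830400:::::e:
"""
# Constructed stale copy: fetched before the signing sub-key was published.
STALE = "\n".join(l for l in SAMPLE.splitlines() if "BBBBBBBBBBBBBBBB" not in l)

UNUSABLE = {"r", "e", "i", "d", "n"}  # revoked, expired, invalid, disabled, not valid


def usable_subkeys(colons, now=None):
    """Return key IDs of sub-keys usable at `now`, grouped by capability."""
    now = time.time() if now is None else now
    usable = {"sign": [], "encrypt": []}
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] != "sub" or len(f) < 12:
            continue
        # Field 2 = validity, 5 = key ID, 7 = expiry (epoch), 12 = capabilities.
        validity, keyid, expires, caps = f[1], f[4], f[6], f[11]
        if validity in UNUSABLE or (expires and int(expires) <= now):
            continue
        if "s" in caps:
            usable["sign"].append(keyid)
        if "e" in caps:
            usable["encrypt"].append(keyid)
    return usable


def check_copy(colons, now=None):
    """List what a correspondent holding this key copy cannot do."""
    u = usable_subkeys(colons, now)
    problems = []
    if not u["sign"]:
        problems.append("no usable signing sub-key: refresh the key before verifying")
    if not u["encrypt"]:
        problems.append("no usable encryption sub-key: refresh the key before encrypting")
    return problems


if __name__ == "__main__":
    print(check_copy(SAMPLE, now=1310000000))  # current copy, sub-keys valid
    print(check_copy(STALE, now=1310000000))   # copy missing the signing sub-key
    print(check_copy(SAMPLE, now=1340000000))  # sub-keys past their expiry date
```

A copy that fails this check is fixed by fetching the updated public key; the master key's fingerprint does not change when sub-keys are added or their expiry is extended.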