Rationale/reasons for splitting Sign and Authenticate into two separate subkeys in a work-environment?

2020-12-22 Thread Christian Chavez via Gnupg-users
Hi! I'm currently helping my workplace test out Yubikeys - to see how/if they could help us with our software development. One expected benefit is to allow developers to cryptographically sign Git commits/tags (e.g.). My question is based on this awesome answer by Thomas Pornin: https://security.stac

Re: Rationale/reasons for splitting Sign and Authenticate into two separate subkeys in a work-environment?

2020-12-22 Thread Dirk-Willem van Gulik
On 22 Dec 2020, at 13:31, Christian Chavez via Gnupg-users wrote: > My question is based on this awesome answer by Thomas Pornin: > https://security.stackexchange.com/a/43591 > In a work-environment, what benefits does one gain by having separat

Re: Rationale/reasons for splitting Sign and Authenticate into two separate subkeys in a work-environment?

2020-12-22 Thread Christian Chavez via Gnupg-users
Hi Dirk-Willem! Thanks for your reply - but I'm unfortunately lost as to your (what I surmise is your implied) hypothetical use-case? Ref: On Tue, Dec 22, 2020 at 2:56 PM Dirk-Willem van Gulik wrote: > Keep in mind that in some workplaces the building of that trust explicitly > includes the need

Re: Rationale/reasons for splitting Sign and Authenticate into two separate subkeys in a work-environment?

2020-12-22 Thread Christian Chavez via Gnupg-users
Nvm, apologies for the spam. I retract my question now after having conferred with a third-party. I understand now your hypothetical scenario - thanks! Does anyone else have any thoughts on the reduced complexity of juggling multiple (sub?)keys vs the security implications of not separating Authe

Re: Rationale/reasons for splitting Sign and Authenticate into two separate subkeys in a work-environment?

2020-12-22 Thread Dirk-Willem van Gulik
On 22 Dec 2020, at 16:16, Christian Chavez wrote: > Thanks for your reply - but I'm unfortunately lost as to your (what I surmise > is your implied) hypothetical use-case? It is a very common requirement that you find in gov. procurement documents/requirements of cryptographic technology tha

Re: Rationale/reasons for splitting Sign and Authenticate into two separate subkeys in a work-environment?

2020-12-24 Thread Philihp Busby via Gnupg-users
On 2020-12-22T13:31:42+0100 Christian Chavez via Gnupg-users wrote 2.8K bytes: I'm currently helping my workplace test out Yubikeys - to see how/if they could help us with our software development. One expected benefit is to allow developers to cryptographically sign Git commits/tags (e.g.). I