On Wed, 20 Feb 2013 21:37:38 +0000 "Robin H. Johnson" <robb...@gentoo.org> wrote:
> Ideally keeping your primary key offline to increase security. > > However, the original theory was that if there was some attack that > required a large amount of ciphertext or a targeted plaintext input, > you would be limiting the ciphertext to only gentoo-specific content, > and could trivially rotate the subkey without any impact on your > primary key. I totally agree with the idea of having a separate subkey for signing purposes, but look at my key, for example: I already have a separate subkey for signing, the primary key is only used for certifications (and is actually kept offline ;). If I was a Gentoo dev, it wouldn't seem that logical to have to create yet another signing subkey. Therefore, I'd propose to remove the "Gentoo" part from "Dedicated Gentoo signing subkey". Luis
signature.asc
Description: PGP signature