On 20/02/17 16:25, Kristian Fiskerstrand wrote: > Wouldn't consider this accurate, the typical use case for multiple A > subkeys is per-device usage, explicitly to avoid having to revoke all if > one is compromised.
Well, if you use only one, "revoke all" is still "revoke one" ;). It's not the revocation step that gets any bigger, it's just that you need to roll out the new key to all your client systems instead of just the server systems. Personally, the number of server systems I use is way larger than the number of client systems. Over all, I don't think it's that much more work, given it's a rare occurence anyway (I hope). With A per system: 1) Create new key on compromised system 2) Roll out new key to all server systems 3) Revoke old key on all server systems With just one A: 1) Create new key 2) Roll out new key to all client systems 3) Roll out new key to all server systems 4) Revoke old key on all server systems Steps 3 and 4 are more work than step 2. I have login credentials for at least 11 systems off the top of my head, yet only 3 client devices I regularly use [1]. When all your server systems automatically pick up on OpenPGP auth subkeys from a keyserver, or when you use OpenSSH's CA mechanism, steps 3) and 4) are pretty much automatic, in which case indeed step 2) would dominate and one key per device once again wins. So perhaps one key per device is superior, also for detecting which client system was compromised by looking at the SSH auth logs on the server (supposing the attacker didn't gain root privileges and wiped his traces immediately). But I think it's not a very significant difference, or did I miss a scenario? My 2 cents, Peter. [1] However, I have four different auth keys on those clients, three on-disk, one per system and one smartcard I only use on a single one of those systems. I actually use one key per client, but note that I don't have multiple A-capable OpenPGP subkeys. All my on-disk keys are just regular ol' OpenSSH keys, and I think then one key per device is a much cleaner setup indeed. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users