On 12.08.2019 19:09, vedaal via Gnupg-users wrote: > Can this really be done? > > (Does not matter so much to me personally, as I grew up with v3 > keys, and even when using a V4 key, I don't generate a subkey, but > allow all the functions (sign, encrypt. certify) to be done with the > master key). > > Does matter a lot if I can't trust the subkey of someone whom I want > to encrypt to.
> How real is this threat, and is it any threat at all, if simply > binding the subkey to a different master key, won't allow for anyone > else other than the 'real' owner, to decrypt messages encrypted to > that subkey? As you correctly point out its really not that relevant for encryption subkeys. It does have security implementations for signing subkeys; see [cross-certification section] for some details on that. References: [cross-certification section] https://gnupg.org/faq/subkey-cross-certify.html -- ---------------------------- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk ---------------------------- Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 ---------------------------- Corruptissima re publica plurimæ leges The greater the degeneration of the republic, the more of its laws
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users