Re: [Debconf-discuss] using OpenPGP notations to indicate keysigning practices [was: Re: GPG keysigning?]

On Wed, Jun 24, 2009 at 3:14 AM, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:

> I think that misses a critical point; i want to use my OpenPGP key for a
> variety of purposes both in and out of debian.  I consider it a baseline
> tool for managing my digital identity.  While i'm happy to obey
> debian-specific guidelines for debian-specific purposes, i have no
> intention of obeying debian-specific guidelines for projects outside of
> debian, except perhaps by coincidence.
> I'm *not* saying that i will sign keys blindly or anything, but there
> are scenarios and groups i interact with where it is meaningful and/or
> useful to sign a role key, a machine key, or a pseudonymous key, for
> example.  If debian makes up some debian-specific guidelines that say
> "you must not sign pseudonymous keys", i cannot follow those
> instructions without changing my key (or having a debian-specific key
> unrelated to my non-debian identity, which seems to defeat the whole
> point of the binding).

Would subkeys help in this scenario? (hint hint, some good docs about
real-world subkey usage are needed).



