Opinion - additional ID's, or new Keys? - PGP


Thread: Opinion - additional ID's, or new Keys?

  1. Opinion - additional ID's, or new Keys?

    If I use PGP at work and at home, for different purposes are there any
    PRO's or CON's to using additional ID's on a single key or separate keys
    that I'm not listing here?

    Single Key - multiple ID's:
    PRO - Don't have to maintain separate keys
    CON - Privacy of WORK email address is lost because my public key will
    contain both ID's
    CON - If I leave work, I have to revoke the keys for ALL the ID's.

    Separate keys - single ID:
    PRO - Privacy of email addresses maintained - folks at work don't have
    to see my home ID, people at home don't have to see my work ID.
    PRO - If I change jobs, I can just revoke the work key.
    CON - Have to maintain multiple keys.

    Anything else I'm missing?

  2. Re: Opinion - additional ID's, or new Keys?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    William Stranathan wrote in
    news:CurXb.36095$uV3.59301@attbi_s51:

    > If I use PGP at work and at home, for different purposes are there any
    > PRO's or CON's to using additional ID's on a single key or separate
    > keys that I'm not listing here?
    >
    > Single Key - multiple ID's:
    > PRO - Don't have to maintain separate keys
    > CON - Privacy of WORK email address is lost because my public key will
    > contain both ID's
    > CON - If I leave work, I have to revoke the keys for ALL the ID's.
    >
    > Separate keys - single ID:
    > PRO - Privacy of email addresses maintained - folks at work don't have
    > to see my home ID, people at home don't have to see my work ID.
    > PRO - If I change jobs, I can just revoke the work key.
    > CON - Have to maintain multiple keys.
    >
    > Anything else I'm missing?


    With the single key, if you leave that work, you can just revoke the work
    related User ID; you do not need to generate a new key just for that
    reason.

    However, unless you have complete control of your work computer (not
    networked, not multi-user, ADK not used, etc.), you have very high risk
    of your private key and its passphrase being able to be easily captured
    - a major security risk you would probably not want for your home related
    purposes.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.3
    Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

    -----END PGP SIGNATURE-----

  3. Re: Opinion - additional ID's, or new Keys?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    William Stranathan writes:

    >If I use PGP at work and at home, for different purposes are there any
    >PRO's or CON's to using additional ID's on a single key or separate keys
    >that I'm not listing here?


    >Single Key - multiple ID's:
    >PRO - Don't have to maintain separate keys
    >CON - Privacy of WORK email address is lost because my public key will
    >contain both ID's
    >CON - If I leave work, I have to revoke the keys for ALL the ID's.


    >Separate keys - single ID:
    >PRO - Privacy of email addresses maintained - folks at work don't have
    >to see my home ID, people at home don't have to see my work ID.
    >PRO - If I change jobs, I can just revoke the work key.
    >CON - Have to maintain multiple keys.


    >Anything else I'm missing?


    Your summary is about right.

    Note that if you use separate keys, you can have each key sign the
    other.

    I use the one key. But then I use the same email address for
    both. But if my work was not with a university, I would probably
    use separate keys.

    I do use a separate key for signing usenet posts (such as this),
    mainly to separate the email addresses a little, what with all of the
    abuse and forgery against usenet posting email addresses.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (SunOS)

    iD8DBQFALk0GvmGe70vHPUMRAkf5AKCkae2hOWtWZpoLFkWgxW zJfUixDwCg6oBl
    cSQixaCUXtHVOeoCuzf88W8=
    =0ynn
    -----END PGP SIGNATURE-----


  4. Re: Opinion - additional ID's, or new Keys?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    > If I use PGP at work and at home, for different purposes are there any
    > PRO's or CON's to using additional ID's on a single key or separate keys
    > that I'm not listing here?
    >
    > Single Key - multiple ID's:
    > PRO - Don't have to maintain separate keys
    > CON - Privacy of WORK email address is lost because my public key will
    > contain both ID's
    > CON - If I leave work, I have to revoke the keys for ALL the ID's.


    Not the case. You can revoke just that ID, and add a new one for your new
    job.
    >
    > Separate keys - single ID:
    > PRO - Privacy of email addresses maintained - folks at work don't have
    > to see my home ID, people at home don't have to see my work ID.
    > PRO - If I change jobs, I can just revoke the work key.


    Irrelevant really.

    > CON - Have to maintain multiple keys.
    >

    Possible pro: as Tom said, your passphrase is easier to compromise at work.
    But in that case there would be the added disadvantage of having to
    remember two passphrases.
    I'd say the thing to base your decision on is the privacy of email
    addresses. If you don't mind everyone who has your work email getting your
    home one and vice versa, use a single key with multiple ids. If you want to
    keep them separate, use multiple keys.


    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (GNU/Linux)

    iD8DBQFAL1+2seVxKm0DPWERAgbmAKDPxPdDxF86CrigWODXCX 1mVc2qDQCg9QdD
    KHLcbg7oLGLIe6SjS4qUlcQ=
    =g+Yx
    -----END PGP SIGNATURE-----
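
Added example, not part of any post in this thread: a small audit of `gpg --list-keys --with-colons` output for the trade-off discussed above. It reports, per key, which e-mail domains the user IDs disclose and which user IDs are revoked; a revoked user ID stays on the key with validity `r`, so it is still visible to anyone who fetches the key. The sample listing, names and fingerprints are constructed, and `parse_uids` / `exposure` are hypothetical helper names.

```python
import re
from collections import OrderedDict

# Constructed sample of `gpg --list-keys --with-colons` output (not from the thread):
# a shared key whose work user ID has been revoked, and a separate home-only key.
SAMPLE = """\
pub:u:2048:1:AAAAAAAAAAAAAAA1:1077000000:::u:::scESC:
fpr:::::::::1111111111111111111111111111AAAAAAAAAAA1:
uid:u::::1077000000::0000000000000000000000000000000000000001::Pat Example <pat@home.example>:
uid:r::::1077000000::0000000000000000000000000000000000000002::Pat Example <pat@work.example>:
sub:u:2048:1:BBBBBBBBBBBBBBB1:1077000000::::::e:
fpr:::::::::2222222222222222222222222222BBBBBBBBBBB1:
pub:u:2048:1:AAAAAAAAAAAAAAA2:1077000000:::u:::scESC:
fpr:::::::::3333333333333333333333333333AAAAAAAAAAA2:
uid:u::::1077000000::0000000000000000000000000000000000000003::Pat Example <pat@home.example>:
"""

EMAIL = re.compile(r"<[^<>@\s]+@([^<>\s]+)>")

def unescape(field):
    # Colon listings escape special characters in user IDs as \xNN.
    return re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), field)

def parse_uids(listing):
    """Map primary-key fingerprint -> [(validity, user_id), ...]."""
    keys, current, want_fpr = OrderedDict(), None, False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            want_fpr = True                 # the next fpr record is the primary key's
        elif f[0] == "fpr" and want_fpr:
            current, want_fpr = f[9], False
            keys[current] = []
        elif f[0] == "uid" and current:
            keys[current].append((f[1], unescape(f[9])))  # field 2 validity, field 10 uid
    return keys

def exposure(listing):
    """Per key: domains disclosed by ALL user IDs (revoked included) and revoked uids."""
    report = {}
    for fpr, uids in parse_uids(listing).items():
        found = [EMAIL.search(uid) for _, uid in uids]
        domains = sorted({m.group(1).lower() for m in found if m})
        report[fpr] = {
            "domains": domains,
            "revoked": [uid for validity, uid in uids if validity == "r"],
            "links_identities": len(domains) > 1,
        }
    return report

if __name__ == "__main__":
    for fpr, info in exposure(SAMPLE).items():
        print(fpr, info)
```
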
