From mboxrd@z Thu Jan  1 00:00:00 1970
Date: Wed, 20 Feb 2013 21:37:38 +0000
From: "Robin H. Johnson" <robbat2@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] RFC: Gentoo GPG key policies
Message-ID: <robbat2-20130220T213153-292325133Z@orbis-terrarum.net>
References: <robbat2-20130218T224715-868658579Z@orbis-terrarum.net>
 <20130220213838.60771bef@mygoo.lnet>
In-Reply-To: <20130220213838.60771bef@mygoo.lnet>

On Wed, Feb 20, 2013 at 09:38:38PM +0100, Luis Ressel wrote:
> On Mon, 18 Feb 2013 23:27:46 +0000
> "Robin H. Johnson" <robbat2@gentoo.org> wrote:
> > 3. Dedicated Gentoo signing subkey
> What's the point of this, btw?
Ideally keeping your primary key offline to increase security.

However, the original theory was that if there was some attack that
required a large amount of ciphertext or a targeted plaintext input, you
would be limiting the ciphertext to only Gentoo-specific content, and
could trivially rotate the subkey without any impact on your primary
key.

-- 
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail     : robbat2@gentoo.org
GnuPG FP   : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85