On Thu, 2011-10-13 at 09:12 +0100, Richard W.M. Jones wrote:
> On Wed, Oct 12, 2011 at 12:48:57PM -0700, Adam Williamson wrote:
> > Sure. However, if you have multiple keys with multiple passphrases, then
> > it's extra work to compromise each key.
>
> Not true at all. If I keep my key(s) in a single location (a secure
> machine at my home), then either all keys in that location are secure
> or they've all been compromised. Someone with a rootkit on that
> machine can capture all of my keys and all of my passphrases.

A rootkit is one kind of compromise, sure. I outlined another kind in an
earlier reply to a similar objection. (Here's another one: you keep your
Single Key For Everything or your Giant Key Collection on a USB key, and
the USB key gets swiped. Yes, yes, I know, the key should be
encrypted...sigh.)

> > let's say you have an account on kernel.org and one on linux.com. It
> > may make some kind of sense to your workflow for you to keep the
> > private key you use to access linux.com in your home directory on
> > kernel.org.
>
> If you do this, you're doing it wrong.

It's been pretty well established by now that lots of people do security
wrong all the time. Just saying 'everyone who's doing it wrong loses and
the only scenario we care about is the one in which everyone does it
right' is ludicrous. The point is that there are actual plausible
scenarios in which using multiple keys results in a less catastrophic
outcome than using a single key for everything. That's all I ever
claimed. I did not claim any of the hypothetical examples I presented
were cases of best security practice.

-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net

-- 
devel mailing list
https://admin.fedoraproject.org/mailman/listinfo/devel