-----BEGIN PGP SIGNED MESSAGE-----
In short, I suggest doing what you are thinking about: use two keys, a high security key, and a low security key signed by the high one.
[ explanation of method deleted ]
That's what I do.
j'
--
O I am Jay Prime Positive jpp@markv.com
1250 bit key fingerprint = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F
524 bit key fingerprint = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48
Public keys by `finger jpp@markv.com' or mail to pgp-public-keys@pgp.mit.edu
Your feedback is welcome, directly or via symbol JPP on hex@sea.east.sun.com
I like this method you mentioned of using two keys, one on the public machine, and one more secure at home or whatever. I meant to comment on this before...I'm not sure about the "detached" signature, though. What if someone creates a detached signature, adds it to their header, and the last thing that happens is that their mailer appends their .signature to the end of the message? The only way seems to be to say, "Incorporate the detached signature mechanism into whatever program you're using so that it's the last thing that happens. This includes things like mailx, elm, and inews." Not everyone could probably comply with this (especially some who work for corporations that add a corporate signature to messages after it's left the user's hands).

- -pc
____________________________________________________________
Philip Kizer ___ Texas A&M CIS Operating Systems Group, Unix fnord pckizer@tamu.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLNE/87ZspOMRmJBhAQG1iQP/bAdjFL+OYzYJCNgvjB/0+eW+yA5ym/NY
6JrJkGjOKgjYMJ+fZFItcxgfiRUlFs+1X+N5j51P5r78XOVK20v5La2BP5CftOmj
bLsb8Lg0hjCLtPbZWcywvPjAmA03fp3/gtFGr1rygTWGTy8cUlbRJS6FGcc0/uqZ
o35s9zrul10=
=X9yf
-----END PGP SIGNATURE-----
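
The ordering problem raised in the reply above, as an added example that is not part of the original message: a mail pipeline is modelled as a list of stages, and the detached signature only verifies when no stage changes the body after signing. HMAC-SHA256 with a constructed key stands in for the PGP signature, and the header name `X-Detached-Sig` and all sample text are assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed demo key; HMAC-SHA256 stands in for a PGP detached signature.
DEMO_KEY = b"constructed-demo-key"
SIG_HEADER = "X-Detached-Sig"  # hypothetical header name, not a real standard

def sign_stage(headers, body):
    """Compute a detached signature over the body exactly as it exists now."""
    sig = hmac.new(DEMO_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {**headers, SIG_HEADER: sig}, body

def footer_stage(footer):
    """Build a stage that appends a .signature or corporate footer."""
    def stage(headers, body):
        return headers, body + "\n-- \n" + footer + "\n"
    return stage

def run_pipeline(stages, headers, body):
    """Apply each stage in order, as a mailer and its relays would."""
    for stage in stages:
        headers, body = stage(headers, body)
    return headers, body

def verify(headers, body):
    """Receiver side: recompute the signature over the body as delivered."""
    expected = hmac.new(DEMO_KEY, body.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(headers.get(SIG_HEADER, ""), expected)

def demo():
    headers = {"From": "user@example.org"}  # constructed sample message
    body = "I like the two-key method.\n"
    dot_sig = footer_stage("Constructed .signature text")
    corporate = footer_stage("Constructed corporate footer")
    orderings = {
        "sign_then_dot_signature": [sign_stage, dot_sig],
        "dot_signature_then_sign": [dot_sig, sign_stage],
        "signed_last_locally_then_corporate_footer": [dot_sig, sign_stage, corporate],
    }
    return {name: verify(*run_pipeline(stages, headers, body))
            for name, stages in orderings.items()}

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'verifies' if ok else 'FAILS'}")
```

The third case is the corporate-footer situation from the reply: signing last on the user's side still fails once a later hop appends text.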