From: douglas craig holland <holland@CS.ColoState.EDU> [...] I don't really want to run PGP on CSUNet, since I don't trust their machines like I trust mine, but I am thinking about doing that and generating a key which I would be willing to use for less secure stuff. Anyone here have any other suggestions on making encryption less of a pain?
In short, I suggest doing what you are thinking about: use two keys, a high security key, and a low security key signed by the high one. Use a low security key signed by a high security one. Change the low security key every so often. Keep the low security key under a pass phrase unrelated to the one you use for the high security key, and don't ever even store the high security key on the multi-user system. Then use some package (like my pgpmail.el) which connects your multi-user system's mail program to pgp. Sign your posts and casual mail with the low security key, and if/when it is compromised you will be able to issue convincing key change notices using the high security key. Naturally you should get other folks to sign your high security key, not the low one. That's what I do.

j'
--
O I am Jay Prime Positive jpp@markv.com
1250 bit key fingerprint = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F
524 bit key fingerprint = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48
Public keys by `finger jpp@markv.com' or mail to pgp-public-keys@pgp.mit.edu
Your feedback is welcome, directly or via symbol JPP on hex@sea.east.sun.com
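The two-key scheme in the reply above, worked through as an added example (not code from the thread, pgpmail.el, or PGP itself). It uses Ed25519 from Go's standard library as a stand-in for PGP keys: the high-security key, kept off the shared host, certifies a short-lived low-security key; correspondents trust only the high public key and verify a message by checking certification, expiry and revocation before the message signature. The certification and revocation byte layouts, the day-counter validity period, and all function names are constructed for this example and are not an OpenPGP format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Certification is the high key's statement "this low key speaks for me until
// day NotAfter". Layout is constructed for this example, not an OpenPGP packet.
type Certification struct {
	LowPub    ed25519.PublicKey
	NotAfter  uint64 // constructed: days since an arbitrary epoch
	Signature []byte // by the high key over certBytes(LowPub, NotAfter)
}

// Revocation is the "key change notice" from the post: the high key withdraws
// a low key, whether because it was compromised or simply rotated out.
type Revocation struct {
	LowPub    ed25519.PublicKey
	Signature []byte // by the high key over revokeBytes(LowPub)
}

// Distinct prefixes give domain separation: a certification can never be
// replayed as a revocation or vice versa.
func certBytes(low ed25519.PublicKey, notAfter uint64) []byte {
	var day [8]byte
	binary.BigEndian.PutUint64(day[:], notAfter)
	return append(append([]byte("cert:"), low...), day[:]...)
}

func revokeBytes(low ed25519.PublicKey) []byte {
	return append([]byte("revoke:"), low...)
}

// CertifyLowKey runs on the trusted machine, the only place the high key lives.
func CertifyLowKey(highPriv ed25519.PrivateKey, lowPub ed25519.PublicKey, notAfter uint64) Certification {
	return Certification{LowPub: lowPub, NotAfter: notAfter,
		Signature: ed25519.Sign(highPriv, certBytes(lowPub, notAfter))}
}

// RevokeLowKey also runs on the trusted machine.
func RevokeLowKey(highPriv ed25519.PrivateKey, lowPub ed25519.PublicKey) Revocation {
	return Revocation{LowPub: lowPub, Signature: ed25519.Sign(highPriv, revokeBytes(lowPub))}
}

var (
	ErrBadCert    = errors.New("certification not signed by the high-security key")
	ErrExpired    = errors.New("low-security key certification has expired")
	ErrRevoked    = errors.New("low-security key has been revoked")
	ErrBadMessage = errors.New("message signature invalid under the low-security key")
)

// VerifyMessage is the correspondent's side: trust only highPub, and accept a
// message only if the low key is certified, unexpired, unrevoked and signed it.
func VerifyMessage(highPub ed25519.PublicKey, cert Certification, revs []Revocation,
	today uint64, msg, sig []byte) error {
	if !ed25519.Verify(highPub, certBytes(cert.LowPub, cert.NotAfter), cert.Signature) {
		return ErrBadCert
	}
	if today > cert.NotAfter {
		return ErrExpired
	}
	for _, r := range revs {
		// A revocation not signed by the high key is noise (a forged notice
		// must not be able to deny service), so it is ignored rather than honoured.
		if bytes.Equal(r.LowPub, cert.LowPub) &&
			ed25519.Verify(highPub, revokeBytes(r.LowPub), r.Signature) {
			return ErrRevoked
		}
	}
	if !ed25519.Verify(cert.LowPub, msg, sig) {
		return ErrBadMessage
	}
	return nil
}

func main() {
	highPub, highPriv, _ := ed25519.GenerateKey(rand.Reader) // stays on the trusted machine
	lowPub, lowPriv, _ := ed25519.GenerateKey(rand.Reader)   // lives on the multi-user host
	cert := CertifyLowKey(highPriv, lowPub, 30)              // valid for 30 "days"
	msg := []byte("constructed sample post signed with the low key")
	sig := ed25519.Sign(lowPriv, msg)
	fmt.Println("day 10:", VerifyMessage(highPub, cert, nil, 10, msg, sig))
	fmt.Println("day 40:", VerifyMessage(highPub, cert, nil, 40, msg, sig))
	rev := RevokeLowKey(highPriv, lowPub)
	fmt.Println("after revocation:", VerifyMessage(highPub, cert, []Revocation{rev}, 10, msg, sig))
}
```

The point of the ordering in VerifyMessage is that the low key's private half never has to be trusted on its own: compromise of the shared host yields only a key whose certification expires on its own and can be cut off earlier by a revocation that only the high key, kept elsewhere, can produce. Correspondents therefore need to have verified (and, as the post says, signed) only the high key.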