I'm configuring a new server with backups via duplicity to rsync.net. I'm wondering about my current key strategy. I currently encrypt to my "main" gpg key, and to an additional passphrase protected private key that lives on the server in question. That is mildly annoying to deploy, so I thought it would be a good idea to reconsider my strategy. The second key is protect against the loss of my first key, but I'm not sure there are many threats the passphrase protects against. 1/
@bremner I'd caution against making it too difficult for yourself when it comes time to restore. Having lost access to backups because I was too concerned about threats that had no real bearing on my life, I'm now of the opinion that the small risk of an unknown motivated attacker who happens to even understand the backup strategy is much less than the large risk of not being able to recover.