[qubes-users] Split PGP threat model questions

Let's say I have created a general-purpose domain for storing EVERY subkey I create. What kind of implications could this have? Am I leaking multiple identities every time I use the gpg wrapper?

Where can I read deeper into the design as well?

I'm assuming you have read:

The "Discussions" referenced at the bottom of that page are a good
guide.

As to the risks in storing all your keys in the same qube, there *is* a
danger, in that an attacker who gained access to a client qube would be
able to see your subkeys and therefore link identities.
Since the overhead in creating multiple PGP qubes is small, I would do that.

The reason I think it'd be beneficial to create one central domain is so it can be autostarted and handle most PGP operations. Multiple VMs wouldn't be very convenient, and there are also limitations on memory usage. I wouldn't even think to autostart multiple PGP domains, but even without doing so, my memory goes quickly.

Should I utilize a DispVM as a middleman? One DisposableVM shouldn't be too impactful on memory usage, and I could just copy documents around instead of multiple keys.