> > On 20/02/15 09:32, NdK wrote: > > 1 - support for more keys (expired ENC keys, multiple signature keys) >
At the very least, adding expired ENC keys to the card spec is a really great suggestion. I'm trying to pitch people on using smart cards to secure their email, and one common question I get is "What happens if I lose my card?" Telling them they have to generate a new key is a bitter pill if it means they can't decrypt their old emails. This feature is not without precedent; the NIST standard for CAC/PIV cards includes fields for 20 retired "key management" keys, which are used to decrypt old messages. [1] I think this one feature would go a long way to making smart cards a more accessible solution for everyday use. [1]: http://csrc.nist.gov/publications/nistpubs/800-73-3/sp800-73-3_PART4_piv-transitional-interface-data-model-spec.pdf in item 2.4.7, "Key History Object". -- Joey Castillo www.joeycastillo.com
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
