> I would go so far as to say for the vast majority of users they are > totally unnecessary. It's cool to play with smart cards, and I'm all > in favor of that sort of thing ... but for the overwhelming number of > PGP users the threat model just isn't there.
I dunno. I think there are some good arguments for regular users employing them; I just don't think those arguments are all that compelling. For instance, I have my smartcard cross-signed with my usual certificate (0xD6B98E10). If you trust 0xD6B98E10, you'll probably also trust my smartcard certificate -- and vice-versa. Now let's say that in a couple of years 0xD6B98E10 gets compromised. I revoke the certificate, propagate the revocation, and generate a new cert (0xBADD00D5). I sign 0xBADD00D5 with the smartcard cert and put it up on the servers. Etc. People can see 0xBADD00D5 is signed by my smartcard and can have confidence this is my new certificate. This is basically the idea of the "offline master signing key" that a lot of people talk about, but a lot more convenient due to the smartcard form-factor. I don't have to worry about air-gapping the signing system, I just have to worry about finding the card reader when it comes time to generate a new cert. > Further, the inconvenience of having to deal with generating and > socializing a new key if your smart card gets lost, becomes > inoperable, etc. is way too high a cost for near-zero benefit. Yep. Don't lose 'em.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
