On 15/01/16 21:02, Doug Barton wrote:
> On 01/15/2016 12:21 PM, Andrew Gallagher wrote:
> | I've
> | worked on several projects for more than one financial institution,
> | and airgaps like this are considered barely sufficient for some
> | important keys. (Of course in such projects the idea of a
> | certification subkey not on the airgapped machine would be
> | completely unacceptable...)
>
> That's interesting, and you have made me curious ... what's the threat
> model? And what is that key certifying?

Most relevant example, a system where users can register their authorisation keys against a semi-automated authority which signs them for trust by a third system. The root key that certifies the automated authority keys is offline. Essentially a private root CA.

Now, this example is using x509 rather than pgp, but the threat model is the same. Bad guys hack into the system, they can fake a trust relationship, which in turn compromises a different system.

To put this into PGP terms, say Lachlann were Stallman (ok, I'm stretching a bit!). Then say someone wants to impersonate Linus. If they could root RMS's laptop they could certify a key in Linus's name and many people would say "RMS is paranoid, so it really must be Linus!". ;-)

But if RMS keeps his certification key offline, the best the hackers can do is impersonate him - until he notices of course, at which point he can roll his subkeys and draw a line under the incident.

Of course if a C-capable subkey were to exist, Linus would lose the benefit of the airgap. RMS would still be able to roll his subkeys, but that would also revoke all the trust relationships that depended on the C-subkey. So both of them are worse off.

A
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users