Hello,
On 09/09/2017 12:50 AM, lesto fante wrote:
> To achieve that, I think about a multilevel subkey system.
The OpenPGP specification already has some support for a hierarchical system, in the form of "trust signatures".
(Hereafter, I will use "trust-sign" as a verb to refer to the act of emitting a trust signature.)
For a 3-level hierarchy as you describe, you could do the following:
a) You sign your level-3 key(s) with your level-2 key;
b) You trust-sign your level-2 key with your level-1 key, with a trust depth of 1.
c) Your correspondents trust-sign your level-1 key, with a trust depth of 2.
If your level-1 key is compromised, you revoke it, generate a new one and sign it with the level-2 key. The new level-1 key will be automatically valid for your correspondents.
If your level-2 key is compromised, you revoke it, generate a new one, tsign it with the level-1 key, and use it to re-sign your level-1 key (although if the level-2 key is compromised, you may want to assume that the level-1 key is compromised as well, and generate a new one). Again, the new level-2 key will be valid and trusted by your correspondents, since it bears a trust signature from the level-1 key.
The problem you may have with this method is that it depends on your correspondents *trust-signing* your level-1 key. If they use a normal signature instead (or a trust signature with a trust depth < 2), no ownertrust will be assigned to the level-2 key and therefore the level-3 key will not be considered valid. So you have to tell your correspondents to *trust-sign* your level-1 key, but you cannot force them to do so.
This is kind of a design feature of OpenPGP, by the way: the user is always free to choose whom he wants to trust, and to what extent. This is by contrast with the X.509 world, where the fact that a certificate can only be signed by *one* authority gave rise to an ecosystem of CAs that are "too-big-to-fail" (or "too-big-to-choose-not-to-trust").
> Now the nice thing: I guess most of the people will use their phone to keep the level 2 key, but we know those are not the most secure stuff, especially when they get old or with some producer allergic to patch.
Slightly off-topic, but using a NFC-enabled token might be an easier way to deal with that particular concern. I know of at least two such tokens: the Yubikey NEO [1] and the Fidesmo Privacy Card [2].
Damien
[1] https://www.yubico.com/products/yubikey-hardware/yubikey-neo/
[2] http://shop.fidesmo.com/product/fidesmo-privacy
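The following is an added example, not part of the original message and not GnuPG code: a simplified Python model of trust-signature depth (RFC 4880, section 5.2.3.13) applied to signatures a) to c) above, showing why the level-3 key is only valid when the correspondent trust-signs with depth 2. The key names and the `evaluate`, `hierarchy` and `level3_valid` helpers are hypothetical; the model assumes full trust amounts and ignores domain restrictions, expiry and revocation.

```python
# Simplified model of OpenPGP trust-signature depth (RFC 4880, 5.2.3.13).
# Assumptions: full trust amount, no domain regex, no expiry, no revocation.
# Key names are hypothetical labels, not real key IDs.
from collections import deque


def evaluate(root, sigs):
    """Return (valid_keys, introducer_depths) as seen by keyring owner `root`.

    sigs is a list of (signer, target, depth): depth 0 is an ordinary
    signature, depth >= 1 is a trust signature of that depth.
    """
    valid = {root}
    depth_of = {root: 255}          # the owner's own key is ultimately trusted
    queue = deque([root])
    while queue:
        signer = queue.popleft()
        budget = depth_of[signer]   # how far this introducer may delegate
        for s, target, depth in sigs:
            if s != signer:
                continue
            valid.add(target)       # any signature by an introducer validates
            # Delegated trust shrinks by one per hop: a depth-1 introducer can
            # validate keys but cannot create further introducers.
            granted = min(depth, budget - 1)
            if granted >= 1 and granted > depth_of.get(target, 0):
                depth_of[target] = granted
                queue.append(target)
    return valid, depth_of


def hierarchy(correspondent_depth):
    """Signatures a)-c) from the message; the correspondent's choice varies."""
    return [
        ("level-2", "level-3", 0),                          # a) ordinary signature
        ("level-1", "level-2", 1),                          # b) tsign, depth 1
        ("correspondent", "level-1", correspondent_depth),  # c)
    ]


def level3_valid(correspondent_depth):
    valid, _ = evaluate("correspondent", hierarchy(correspondent_depth))
    return "level-3" in valid


if __name__ == "__main__":
    for d in (2, 1, 0):
        valid, depths = evaluate("correspondent", hierarchy(d))
        print(f"correspondent depth {d}: valid={sorted(valid)} introducers={depths}")
```

With depth 1 the level-2 key is still valid but receives no ownertrust, so the chain stops before the level-3 key; with an ordinary signature only the level-1 key is valid.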
