(sent again because i forgot to add the mailing list in CC, sorry) >If your level-1 key is compromised, you revoke it, generate a new one and sign >it with the level-2 key. The new level-1 key will be automatically valid for >your correspondents. > >If your level-2 key is compromised, you revoke it, generate a new one, tsign >it with the level-1 key
this is exactly what i DON'T want. The level 2 key (or level 1, it seems you mixed them up) is way less safe than the level 1, as the level 1 is on your smart-card, in a safe place, and the level 2 is in your PC, on your smartphone, and you basically carry it with you every time, as you want to be able to access new services without the hassle of having the smart-card with you. With all the security problem connected to having the smart-card with you; I assume keeping in in your house, or even in a security box, is way more safe. So again: trust goes in one direction only, the same direction of security. Level 1 > Level 2 > Level 3 >Slightly off-topic, but using a NFC-enabled token might be an easier way to >deal with that particular concern. I have one of them. Result: * I do not carry them with me, I'm to scared to lose it * The card does not have NFC * I don't have NFC on my emergency smartphone, so i need to also carry the cable and hope the phone can handle it (driver + OTG usb) * If my smartphone/pc is compromised, when i connect the NFC they can do whatever they want, even sign THEIR key and revoke mine. With my system the level 2 key get revoked, and I know the device that have it are compromised, so i will format/change them before issuing a new level 2 key * I created some key on my pc and used them for a while for this email, until the for an unfortunate accident i lost them and their backup (remember to power up your USB key, they have an internal battery that need to be recharged sometimes, should be 10 years... should); if they would have somehow signed by my HW wallet (witch i assume NOT having the same power-related issue), i could have issued a new one, and uploaded them on the key server. Instead now i can't even revoke them. There are more, if i sit there and think about all frustration i had to manage my keys, and for sure there is a lot to do in the wallet side too. 2017-09-10 19:47 GMT+02:00 Damien Goutte-Gattat <dgouttegat...@incenp.org>: > Hello, > > On 09/09/2017 12:50 AM, lesto fante wrote: >> >> Tho achieve that, I think about a multilevel subkey system. > > > The OpenPGP specification already has some support for a hierarchical > system, in the form of "trust signatures". > > (Hereafter, I will use "trust-sign" as a verb to refer to the act of > emitting a trust signature.) > > For a 3-levels hierarchy as you describe, you could do the following: > > a) You sign your level-3 key(s) with your level-2 key; > > b) You trust-sign your level-2 key with your level-1 key, with a trust depth > of 1. > > c) Your correspondents trust-sign your level-1 key, with a trust depth of 2. > > If your level-1 key is compromised, you revoke it, generate a new one and > sign it with the level-2 key. The new level-1 key will be automatically > valid for your correspondents. > > If your level-2 key is compromised, you revoke it, generate a new one, tsign > it with the level-1 key, and use it to re-sign your level-1 key (although if > the level-2 key is compromised, you may want to assume that the level-1 key > is compromised as well, and generate a new one). Again, the new level-2 key > will be valid and trusted by your correspondents, since it bears a trust > signature from the level-1 key. > > The problem you may have with this method is that it depends on your > correspondents *trust-signing* your level-1 key. If they use a normal > signature instead (or a trust signature with a trust depth < 2), no > ownertrust will be assigned to the level-2 key and therefore the level-3 key > will not be considered valid. So you have to tell your correspondents to > *trust-sign* your level-1 key, but you cannot force them to do so. > > This is kind of a design feature of OpenPGP, by the way: the user is always > free to choose whom he wants to trust, and to what extent. This is by > contrast with the X.509 world, where the fact that a certificate can only be > signed by *one* authority gave rise to an ecosystem of CAs that are > "too-big-to-fail" (or "too-big-to-choose-not-to-trust"). > > >> Now the nice thing: i guess most of the people will use their phone >> to keep the level 2 key, but we know those are not the most secure >> stuff, especially when get old or wit some producer allergic to >> patch. > > > Slightly off-topic, but using a NFC-enabled token might be an easier way to > deal with that particular concern. I know of at least two such tokens: the > Yubikey NEO [1] and the Fidesmo Privacy Card [2]. > > > Damien > > [1] https://www.yubico.com/products/yubikey-hardware/yubikey-neo/ > > [2] http://shop.fidesmo.com/product/fidesmo-privacy > _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
