> If your level-3 key is compromised, you revoke it, generate a new one and sign
> it with the level-2 key. The new level-3 key will be automatically valid for
> your correspondents.

What if I lose the level-2 key too? Imagine the level-2 and level-3 keys are both on my phone, with NO other copy of the level-2 and level-3 private keys. Can I revoke all of them? If my device is in the hands of a bad person, will he be able to compromise my level-1 key while I get in contact with someone who can revoke the level-2 key (and so all of its subkeys)?

Also, I understand the key-level truthiness, but here I want to AUTOMATE, to make this thing EASIER to use than a common password approach.

This approach MUST be "housewife proof"; her son/trusted person will set up the sign key for her and then just tell her to keep the smartcard in a safe place. Then to choose a safe password for the SIGN key.

That is the only password our housewife needs, unless she loses her phone or it gets compromised; at this point, she will call the trusted person, who will take care of revoking and then issuing a new SIGN key on her new phone. No need to go and reset ALL of her accounts and such; all the keys she had have already been replaced :)

2017-09-10 20:39 GMT+02:00 Damien Goutte-Gattat <dgouttegat...@incenp.org>:
> On 09/10/2017 08:30 PM, lesto fante wrote:
>>>
>>> If your level-1 key is compromised, you revoke it, generate a new one and
>>> sign it with the level-2 key. The new level-1 key will be automatically
>>> valid for your correspondents.
>>>
>>> If your level-2 key is compromised, you revoke it, generate a new one,
>>> tsign it with the level-1 key
>>
>>
>> this is exactly what I DON'T want. The level 2 key (or level 1, it
>> seems you mixed them up)
>
>
> Sorry, I did mix level-1 and level-3 keys in the first sentence you're
> quoting. What I meant was:
>
> If your level-3 key is compromised, you revoke it, generate a new one and
> sign it with the level-2 key. The new level-3 key will be automatically
> valid for your correspondents.