I am not arguing that paper copies are less reliable; of course, they are; however, they are not as secure. I prefer greater security and key protection at the risk of less key reliability. I would be ecstatic if malware on my system chose to brick my smartcard over getting access to decrypted communication that it could be snooping on. I personally would prefer to lose access to my own data than let an adversary gain access to it. That being said, if I could avoid losing access to my data by having a proper redundant setup, I would prefer it.

concerned, you could use three. The probability that one card out of ten will have a failure in a decade is far higher than the chance that all two or three cards will have a failure. Allowing retirement key slots means you can easily choose your level of redundancy while still keeping your keys on secure hardware only.

You should also be concerned that malware bricks your (backup) card. You can only avoid that by using an always air-gapped box which is pretty inconvenient.

Paper copies are actually much more reliable. I meanwhile scribble down the key using a pencil and paper. Modern keys are short enough to do that. (you should also note the creation date).

Back to your original request. A new revision of the OpenPGP card is in the works and the plan is to add more key slots. Surely there will be some support for this in GnuPG. If you want support for the extra PIV slots, we first need to find a business case for this (it's not just the development effort but also the future maintenance work which I have to consider).

First, if you are working on a new revision of the OpenPGP card, please let me know if I can reasonably do anything to help. While I don't have as much free time as I like, I am a software developer and would love to help get this feature added if possible. With that being said, what do you mean by a business case for this? Is there some format of a proposal that you are particularly expecting, or is anything that outlines options, benefits, risks, etc., sufficient?
Sincerely, Brandon Anderson
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users