On Sat, 9 Sep 2017 14:54, philip.jack...@nordnet.fr said:
> Suggestions as to how to check and correct this situation would be
> appreciated.
Newer versions of gpg should print a better error message; at least with
-v. I guess that your pinentry is not installed or can't be used.
Do you have t
On Sat 2017-09-09 00:50:56 +0200, lesto fante wrote:
> Maybe this is not the right place to discuss about this, please be
> kind with a noob.
this is the right place, welcome!
> My user case is simple; maintain my identity even if my master key is
> compromised. To achieve that, I think about a
On 09/10/2017 04:36 PM, Daniel Kahn Gillmor wrote:
>> My user case is simple; maintain my identity even if my master key is
>> compromised. To achieve that, I think about a multilevel subkey
>> system.
>
> I'm not sure how the proposed multi-level system is an improvement over
> an offline primary
> On 10 Sep 2017, at 16:28, Leo Gaspard wrote:
>
> I can think of at least one use case it covers in addition to an offline
> masterkey (but that would also be covered by C subkeys): the ability to
> sign others’ keys without using your masterkey. This would allow to not
> have to expose the key
Thanks!
I thought a bit more and I have now a bit more clear ideas.
I want an "identity" key; this is the most important key and should be
super-secure, like a hw wallet/card. In the best case scenario it is used
to issue a master key, and never used again.
Then we have one (or more) master key; t
I am a bit confused by your "C key" terminology, i assume you are referring
to what i call "master key", or level 2 key, that now I want to call SIGN
KEY.
Let's all agree on the terminology please. I propose this:
level 1: IDENTITY key - keep super safe. Paranoid level safe.
level 2: SIGN key -
On 09/10/2017 06:36 PM, lesto fante wrote:
> I am a bit confused by your "C key" terminology, i assume you are
> referring to what i call "master key", or level 2 key, that now I want
> to call SIGN KEY.
Oh yes sorry, I forgot to explain my terminology.
> Let's all agree on the terminology please.
Hello,
On 09/09/2017 12:50 AM, lesto fante wrote:
To achieve that, I think about a multilevel subkey system.
The OpenPGP specification already has some support for a hierarchical
system, in the form of "trust signatures".
(Hereafter, I will use "trust-sign" as a verb to refer to the act of
(you forgot to Cc: the list, I'm Cc-ing back as it doesn't seem
voluntary to me)
On 09/10/2017 07:50 PM, lesto fante wrote:
>> Besides, there is no
> need to give the same masterkey to your bank and your smart fridge, as
> they will (likely?) not participate in the Web of Trust anyway
>
> not the
On 09/10/2017 08:30 PM, lesto fante wrote:
If your level-1 key is compromised, you revoke it, generate a new one and sign
it with the level-2 key. The new level-1 key will be automatically valid for
your correspondents.
If your level-2 key is compromised, you revoke it, generate a new one, tsi
Can you please explain what C subkeys are?
Unfortunately a search with those terms does not return anything
relevant, a direct link to some docs would be nice.
Also I took a look at rfc4880bis but again I can't see how it is related
to C key or this argument at all.
(sent again as sent only to andrew
(sent again because i forgot to add the mailing list in CC, sorry)
>If your level-1 key is compromised, you revoke it, generate a new one and sign
>it with the level-2 key. The new level-1 key will be automatically valid for
>your correspondents.
>
>If your level-2 key is compromised, you revoke
On 09/10/2017 09:17 PM, lesto fante wrote:
If your level-3 key is compromised, you revoke it, generate a new one and sign
it with the level-2 key. The new level-3 key will be automatically valid for
your correspondents.
what if i lose the level-2 key too? imagine level-2 and level-3 key
are b
>If your level-3 key is compromised, you revoke it, generate a new one and sign
>it with the level-2 key. The new level-3 key will be automatically valid for
>your correspondents.
what if i lose the level-2 key too? imagine level-2 and level-3 key
are both on my phone, with NO other copy of the
>You revoke the level-2 key, that will be enough to invalidate the signature on
>the level-3 key.
>I merely pointed out what is already feasible with the current state of the
>OpenPGP specification and the GnuPG implementation.
you are right, after all if it is there, it can be automated. The r
(THIS IS THE FULL MAIL I FORGOT TO CC, for future reference)
>This is the terminology that would be used under your proposal, do I
understand correctly?
yes, we can change it, but i think this is pretty understandable.
>What I called C subkeys is based on the terminology for the three major
ope
On 09/10/2017 11:32 PM, lesto fante wrote:
just to be sure I don't misunderstand, the level 2 key cannot revoke
the level 1 key, right?
No it cannot.
And to be more precise, in the situation where the level-2 key is
compromised, you actually do not revoke the level-2 key itself (using
the co
>And to be more precise, in the situation where the level-2 key is compromised,
>you actually do not revoke the level-2 key itself (using the corresponding
>level-2 private key), you revoke the trust signature on the level-2 key (using
>the level-1 private key). The level-2 will then cease to be
18 matches