Robot CA at

Richard Laager
Tue Dec 10 18:49:02 2002

Hash: SHA1

> -----Original Message-----
> From: 
> [] On Behalf Of
> Sent: Tuesday, December 10, 2002 9:08 AM
> To:
> Subject: Re: Robot CA at

> The main objection I have to getting any sort of robot or 
> automated gnupg 
> user into the WoT is that the robot is inherently insecure. 
> You have a 
> program that is signing keys on machine connected to the 
> internet, and 
> the passphrase *and* secret key are both stored on the box. I 
> know that 
> not everyone stores their secret key on removable media far from
> the  public internet, but I do think that the great majority of the
> people  in the WoT store their passphrase in memory only.

Can signing subkeys be used to make signatures on other keys? I
believe the answer is no, from this post:

If signing subkeys could be used for key signatures, the robot would
only need the secret portion of a subkey. If that machine was
compromised, that subkey could be revoked, and another subkey could
be used. Also, this would allow for the signing subkey to expire
without having to expire the main robot key. This provides the
advantage that those trusting the robot key don't need to worry about
finding and trusting a new robot key.

Adding this capability would surely break compatibility with other
OpenPGP applications, right? I'm not suggesting this should be
implemented, I'm just thinking out loud.

Richard Laager

Version: PGP 7.0.4