Robot CA at toehold.com
Richard Laager
rlaager@wiktel.com
Tue Dec 10 18:49:02 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> -----Original Message-----
> From: gnupg-users-admin@gnupg.org
> [mailto:gnupg-users-admin@gnupg.org] On Behalf Of greg@turnstep.com
> Sent: Tuesday, December 10, 2002 9:08 AM
> To: gnupg-users@gnupg.org
> Subject: Re: Robot CA at toehold.com
> The main objection I have to getting any sort of robot or
> automated gnupg
> user into the WoT is that the robot is inherently insecure.
> You have a
> program that is signing keys on machine connected to the
> internet, and
> the passphrase *and* secret key are both stored on the box. I
> know that
> not everyone stores their secret key on removable media far from
> the public internet, but I do think that the great majority of the
> people in the WoT store their passphrase in memory only.
Can signing subkeys be used to make signatures on other keys? I
believe the answer is no, from this post:
http://lists.gnupg.org/pipermail/gnupg-users/2002-August/014723.html
If signing subkeys could be used for key signatures, the robot would
only need the secret portion of a subkey. If that machine was
compromised, that subkey could be revoked, and another subkey could
be used. Also, this would allow for the signing subkey to expire
without having to expire the main robot key. This provides the
advantage that those trusting the robot key don't need to worry about
finding and trusting a new robot key.
Adding this capability would surely break compatibility with other
OpenPGP applications, right? I'm not suggesting this should be
implemented, I'm just thinking out loud.
Richard Laager
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
iQA/AwUBPfYpSG31OrleHxvOEQL3PwCg8CdsQXNMHCrcrPhmaMmoMf4lmWQAoPsT
Em7ht068T/ObJSDybEY+iUBG
=zVSP
-----END PGP SIGNATURE-----