Robot CA at

Richard Laager
Tue Dec 10 22:38:02 2002


> Richard Laager wrote:
> > If signing subkeys could be used for key signatures, the robot
> > would only need the secret portion of a subkey. If that machine
> > was compromised, that subkey could be revoked, and another subkey
> > could be used. Also, this would allow for the signing subkey to
> > expire without having to expire the main robot key. This provides
> > the advantage that those trusting the robot key don't need to
> > worry about finding and trusting a new robot key.
> Partly, but a robot that has been compromised once is not going to
> be trusted very much. All things signed by the compromised would
> be useless, and future subkeys would not be trusted for fear of
> another compromise. Better to get a new robot at this point!

Get a new robot? Do you mean reinstalling the same robot software on
a new (secured) system with a new keypair? If that's the case, things
are no more secure than reinstalling the same robot software on a new
(secured) system with a new subkey pair. This scenario assumes that it
was not the robot software that caused the break-in. If it was the
robot software, presumably, the hole would be patched before setting
up a new box.

I've had servers of mine compromised. Did I stop trusting the
software I ran on them? Sort of. I knew that I needed a patched
version, but that's all I could do. Are you going to switch operating
systems and all userland software after a compromise because the same
stuff might get compromised again? I know I wouldn't. As long as the
hole is patched and everything is reinstalled on a clean system, I
can trust it as much as (or more than) the old system.

But, as others have mentioned, it's probably easier to have a master
robot signing key that signs robot keys. That doesn't break
compatibility with PGP, et al.

> > Adding this capability would surely break compatibility with
> > other OpenPGP applications, right?
> Doesn't everything seem to at this point? :)

I really wish it was possible to use signing subkeys. I wouldn't even
need the secret portion of my primary signing key to be on my system
except when I needed to add/revoke a subkey. After all, the results
of having a primary signing key compromised are disastrous. But, it
would be a bad idea to break compatibility.

Richard Laager
