multiple subkeys and key transition

[J. Ottosson]

On 10 Dec 2010 at 4:18, Ben McGinnes wrote:

> On 10/12/10 3:58 AM, J. Ottosson wrote:
> > On 10 Dec 2010 at 2:55, Ben McGinnes wrote:
> >>
> >> As the smartcard isn't on the agenda for me at all, I'll base my
> >> decision on security rather than convenience.
> > 
> > If smartcard is not on your agenda you are certainly not basing your
> > decision on security.
> 
> And you're basing that assessment on what?
> 
> I know where all the physical media containing a copy of my secret
> key(s) are and I control all the hardware that can access them.

But you do know what purpose a smartcard type of device is for, right? 
Protection of some kind of data, most often a key or several of them. We use 
hardware security devices of various sorts in many situations where high 
security is a requirement. We use them for tokens, crypto keys and we use them 
in systems processing our PIN handling in the financial systems etc (like the 
IBM 4758 etc).

Since protection of the private key is the single most important issue for any 
openpgp user, it is very natural to think about smartcard, since it is the best 
way to protect a key from disclosure.

Then, after having made the analysis of threats and cost one may opt to not use 
it anyway, as most of us do, at least partly and for some keys.

Unless you are using some kind of trusted computer system you simply do not have 
that kind of control over what is or is not done on your computer.

Then when it comes to media that the key is written onto and has ever been 
written onto, well that's often a bigger issue than most people tend to think. 
Anyone having used EnCase and tools alike it know what I mean. It all depends, 
partly on luck, if someone raids your home, if you're owned or not. Do you 
remember any old floppys that your earlier keys were ever saved to? Most don't.

It all comes down to what opponent we're having. So, it's partly a question 
about what threat model we're sitting in. A normal user like you and me are in 
most circumstances ok with an ordinary keyring on a portable USB stick or 
perhaps in a Truecrypt container for extra protection but others are not.

And I've been attending tempest lab tests too, so I'd say that most anything 
many users think is impossible or only happens on film is not even close to the 
limits of what some TLAs are readily doing.

A clue on that can also be picked up by looking at the counterintel procedures 
for sigint by the KGB during the cold war. If those types of guys are after you, 
a hardware security type of device is of limited protection to you too btw.

I can say this much, there exist smartcard research papers today, that are 
classified since a decade back or more and not seen by more than 10-20 people, 
and they are so for a reason.

So actually, nothing is safe come to think of it. But that't too depressing so 
we pretend smartcards are, from a practical perspective. 


nuff said

> 
> 
> Regards,
> Ben
> 
> 

A few related links:
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
http://en.wikipedia.org/wiki/Trusted_Computing
http://en.wikipedia.org/wiki/Smart_card
http://en.wikipedia.org/wiki/FIPS_140-2
http://www.cl.cam.ac.uk/~mkb23/research/Survey.pdf