Best practice for periodic key change?

MFPA expires2011 at ymail.com
Mon May 9 19:51:12 CEST 2011


Hi


On Monday 9 May 2011 at 5:09:00 PM, in
<mid:201105091809.05423.mailinglisten at hauke-laging.de>, Hauke Laging
wrote:


> On Sunday, 8 May 2011, 14:50:36, MFPA wrote:
>> Mainly the key's owner, but could also protect others from relying on
>> signatures from a compromised key for which they have not received a
>> revocation certificate.

> Right. The problem: Protection you don't know of. So
> seriously this additional protection will not be taken
> into account (unless you happen to have more
> information about the key handling).

I meant the protection other users derive because the compromised subkey
expired and the attacker cannot keep making signatures with it.


>> Could a modified version of "HOW TO MIGRATE A (SUB)KEY
>> INTO A NEW KEY"
>> http://atom.smasher.org/gpg/gpg-migrate.txt be used to
>> substitute one of your subkeys with another of the
>> same type and size? Or what would be the implications
>> of an attacker migrating your subkeys to another
>> master key?

> That would be useless. The result would be that the
> attacked user (if he had imported the master key with
> the migrated subkey) would believe that a signature has
> been made by the attacker instead of the person whom he
> has stolen the key from.

Could that be a form of attack? Bob and Mallory sign a contract of
some kind - it transpires the contract benefits Bob - Mallory tries to
make it look as if Bob had not signed.



> The problem is that German
> / EU signature law requires a legally fully trusted key
> to be created in hardware which it can never be read
> from. So the so called qualified signatures can be made
> with smartcards only. Thus the certification
> authorities are not allowed to certify today's mainkeys
> because you can create valid subkeys outside smartcards
> with them without the CA being part of that.

Sounds like vested interests calling the shots.



> IMHO there are only two possibilities for making (a new
> version of) OpenPGP signature law compatible:

There is a third way: amend the law so that the Web of Trust is used
instead of the CAs.


--
Best regards

MFPA                    mailto:expires2011 at ymail.com

Look, it's a hat! It's not going to hurt you.