A few newbie questions, I'am doing this right?

Hauke Laging mailinglisten at hauke-laging.de
Sun Dec 16 06:03:42 CET 2012

Am Sa 15.12.2012, 15:07:48 schrieb MFPA:

> Since key compromise is possible however careful you intend to be,
> isn't it better for the non-expiring main key to have the minimum
> possible capability set?

I don't think that makes sense. There is no general difference between a 
mainkey and a subkey. Why should there be a difference in the damage whether 
the one or the other is compromised?

The real difference is the security level, at least for those who use offline 
mainkeys. The security level is the amount of effort by an attacker in order 
to compromise your key. But why should one prefer a compromised subkey over a 
compromised mainkey if both are on the same security level? Think of two keys. 
One everyday key with a highly secure mainkey and one key which is completely 
kept at high security level. How is a compromised offline mainkey worse that a 
compromised high security subkey?

The practical difference is that probably most people don't have a high 
security key so limiting the mainkey's capability set limits their options 
(without increasing security). With a compromised mainkey it shouldn't be a 
problem to create a certificate with a modified capability set anyway. I don't 
know how keyservers and GnuPG react to such a change, though.

> There is no real limitation here. If a need arose for "higher
> security" signing or encryption keys, new subkeys with those
> capabilities could be created and circulated, and the secret subkeys
> stored offline just like the main key.

That's right but makes the whole thing even more complicated – without 
explaining what the advantage should be. And complicated is bad as 
understanding is critical to the practical value of crypto. The concept of a 
more secure mainkey is relatively commonly known.

> > Unfortunately (I don't know the reason for this policy
> > difference) the same is true for PIN pads and
> > encryption. But for signatures the damage can be
> > limited.
> Maybe because encryption uses the public key, so no passphrase or PIN
> would be required?

That was not precise enough by me. That (I though) obviously referred to 
decryption. Once unlocked the OpenPGP card does as many decryptions as you 
want. I do not see any reason for that. It cannot be the precious storage of 
one more flag. And nobody would be forced to use this feature.

> >> > • add a UID without email (just your name and a
> >> 
> >> comment; this will be > valid > "forever")
> Really? In many countries it is traditional for one or or both
> partner(s) to change their name on marriage.

That's true for Germany, too, but I would not call such a "depricated" name 
"invalid". The person can still be identified by the old name.

> That strikes me as good advice even if your main key is not stored
> offline.

In that case it makes sense IMHO only if the certification procedure (for the 
"real" key) is somewhat complicated because the key owner follows a good 
certification policy.

PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20121216/941b53ce/attachment.pgp>

More information about the Gnupg-users mailing list