Several master keys vs. master key and subkeys

[Philipp Schafft]

reflum,

On Tue, 2013-07-16 at 07:16 +0800, Martin wrote:
> * I find them Confusing.

So what's the point here? If he doesn't yet the concept it doesn't mean
it is bad. It's just a statement about him, not the standard. e.g. I
haven't got the concept of armoured concrete, yet I life in a house
build this way and it works great for me.


> * There are disturbingly many (i.e., any at all) bug reports on the
> web about gpg software handling subkeys incorrectly.

I have never seen any. There may be. But there may be also bugs for all
other parts of all other software.


> * It is possible to export a subkey and attach it to a different
> primary key, creating a potential security hole.

To use really use the subkey you need to be abled to use it anyway. If
you are already be abled to use it (having a copy of the secret key
material, knowing the passphrasse...) there is no longer need to attach
it to a diffrent key. You can already use it.

To me this sounds like half-thought thingy: I don't understand the
concept fully so I consider it to have security problems.


> * No ability (without a lot of hassle, anyway) to use different
> passphrases on primary and subkeys.

For the few setups I used this before it worked for me.


> I would like to know if David Soergel's approach has any flaws. As I
> understand it, it works the same as using real subkeys, I would create
> two normal keys, declare one to be my master key and one to be my
> first subkey.

Biggest problem to me with this (some used do it so it *is* a real world
problem to me): this breaks the Web of Trust. The normal calculation
doesn't work anymore as expected. Validity is calaculated wrong (as
those are leaf nodes in the WoT and have only one other node connected).
Also signing those keys isn't a better option: they are replaced yearly
or something. So as soon as the key is expired or revoked I would need
to re-sign the replacing key.

Also if I trust both keys in some way the person counts twice if he
signs some other keys. If he does that for some years he may have a sum
of keys I have signed and trust. If he un-expires them so they become
valid again he can sign some other key and that one becomes valid and
trusted to me with just that person as trust path. So the person can
'inject' a valid key as of the view of my gpg.

So for me that often leads to alterning the trustdb manully that adds
extra work and has some risks of it's own. See above.


> Then I would sign the subkey with the master key which would enable me
> to create a revocation cert for this subkey later, if needed?

You can always revoke any primary or subkey. You just need to be abled
to use the corressponding certification key (your primary key) or create
a revocation certificate (signature) after creating the key and use that
late. (there are more ways to invalidate a key but I don't want to
confuse you more than needed :).


Hope my post is of any help.


-- 
Philipp.
 (Rah of PH2)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: </pipermail/attachments/20130716/5964b0ec/attachment.sig>