State-of-the-art way to setup a shared security@ email with hardware-backed keys?

Simon Josefsson simon at josefsson.org
Tue Jun 9 15:21:08 CEST 2015


I want to setup a security@example.com contact email address that should
accept OpenPGP encrypted emails.  The purpose is to notify us of
security incidents.  The decryption key needs to be shared by several
people who are authorized to read and reply to such emails.  Naturally I
don't want soft keys laying around on everyone's disk.

Is anyone doing this for some organization?  What is the best way to
achieve this?

My current idea is to generate a security@example.com master PGP key and
keep that offline, and to generate one decryption sub-key, and load that
onto a couple of OpenPGP Card smartcards.

This would allow authorized people to decrypt emails properly, by using
the "security team smartcard".  To respond to the emails, they would
need to use their own smartcard which is a nuisance but workable.

Dealing with revocation (if someone quits or loses their smartcard)
seems feasible: just revoke the subkey and generate a new one, loading
that onto everyone's smartcards.

One alternative I can think of is to setup a server that receives the
email, decrypts it and encrypts it to all people who should receive it.
Then they can use only their personal smartcard and don't need to carry
another smartcard around.  The disadvantage with this is that the server
will become an easy attack target.

What we currently use is to publish the individual PGP keys for all
security team members, so people can encrypt to all of us and email
directly, but that is rather unfriendly to people sending us reports.

Thoughts?

/Simon
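The key layout sketched in the post (certification-only master key kept offline, one encryption subkey that gets loaded onto the team smartcards, rotation by revoking that subkey and adding a fresh one) as an added example, not code from the original post. It drives GnuPG's batch interface inside a throwaway GNUPGHOME; the team user ID, the example.com address and the sample report text are made up, the passphrase is empty only so the script runs unattended, and the keytocard step is shown as a comment because it needs a physical OpenPGP card.

```sh
#!/bin/sh
# Added example: build the "offline master + card-resident decryption subkey"
# layout with GnuPG batch commands and exercise the rotation step.
# Assumptions: GnuPG 2.1+ on PATH; user ID and message text are made up.
set -eu

if ! command -v gpg >/dev/null 2>&1; then
  echo "gpg not installed; nothing to demonstrate" >&2
  exit 0
fi

export GNUPGHOME
GNUPGHOME=$(mktemp -d)
chmod 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT

TEAM_UID='Security Team <security@example.com>'   # assumed example identity

# Non-interactive wrapper. An empty passphrase keeps the demo unattended;
# a real offline master key would get a strong one.
g() { gpg --batch --pinentry-mode loopback --passphrase '' "$@"; }

# 1. Certification-only master key: the one that stays offline. Prints its
#    fingerprint so later steps can address the key unambiguously.
make_master_key() {
  g --quick-generate-key "$TEAM_UID" ed25519 cert never >/dev/null 2>&1
  gpg --batch --with-colons --list-keys "$TEAM_UID" |
    awk -F: '$1=="fpr" { print $10; exit }'
}

# 2. Encryption-only subkey with a one-year expiry: this is what goes onto
#    each "security team smartcard".
add_decrypt_subkey() {
  g --quick-add-key "$1" cv25519 encr 1y >/dev/null 2>&1
}

# Number of subkeys on the key; with a second argument, only those whose
# validity field matches (for example "r" for revoked).
subkey_count() {
  gpg --batch --with-colons --list-keys "$1" |
    awk -F: -v want="${2:-}" '$1=="sub" && (want=="" || $2==want) { n++ }
                              END { print n+0 }'
}

# Encrypt a message to the team key and decrypt it again; prints the result.
# GnuPG picks the current valid encryption subkey, so this keeps working
# after rotation without the sender changing anything.
roundtrip() {
  printf '%s' "$2" |
    g --quiet --encrypt --recipient "$1" 2>/dev/null |
    g --quiet --decrypt 2>/dev/null
}

# 3. Rotation: revoke subkey number N (someone quit or lost a card). The
#    answers fed on stdin are: select key, revkey, confirm, reason "no reason
#    specified", empty description, confirm, save.
revoke_subkey() {
  printf 'key %s\nrevkey\ny\n0\n\ny\nsave\n' "$2" |
    g --command-fd 0 --edit-key "$1" >/dev/null 2>&1
}

FPR=$(make_master_key)
add_decrypt_subkey "$FPR"

# Per card, on the offline machine (needs a plugged-in OpenPGP card, so it is
# only shown here). Back up the secret subkey first: keytocard leaves a stub
# behind, and each additional card is loaded from that backup.
#   gpg --export-secret-subkeys --armor "$FPR" > team-subkey-backup.asc
#   gpg --edit-key "$FPR"      # then: key 1, keytocard, 2 (encryption), save

echo "subkeys: $(subkey_count "$FPR"), revoked: $(subkey_count "$FPR" r)"
echo "decrypted: $(roundtrip "$FPR" 'report: demo')"

revoke_subkey "$FPR" 1
add_decrypt_subkey "$FPR"
echo "after rotation, subkeys: $(subkey_count "$FPR"), revoked: $(subkey_count "$FPR" r)"
echo "decrypted with new subkey: $(roundtrip "$FPR" 'second report')"
```

The master key never leaves the offline machine: only the public key (with the current subkey) is published, and only the secret subkey is moved onto the cards, so revoking a lost card's subkey and certifying a replacement needs no change to the address people encrypt to.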

More information about the Gnupg-users mailing list