Wishlist for next-gen card

Joey Castillo jose.castillo at gmail.com
Thu Mar 12 19:36:53 CET 2015


>
> On 20/02/15 09:32, NdK wrote:
> > 1 - support for more keys (expired ENC keys, multiple signature keys)
>

At the very least, adding expired ENC keys to the card spec is a really
great suggestion. I'm trying to pitch people on using smart cards to secure
their email, and one common question I get is "What happens if I lose my
card?" Telling them they have to generate a new key is a bitter pill if it
means they can't decrypt their old emails.

This feature is not without precedent; the NIST standard for CAC/PIV cards
includes fields for 20 retired "key management" keys, which are used to
decrypt old messages. [1] I think this one feature would go a long way to
making smart cards a more accessible solution for everyday use.

[1]:
http://csrc.nist.gov/publications/nistpubs/800-73-3/sp800-73-3_PART4_piv-transitional-interface-data-model-spec.pdf
in item 2.4.7, "Key History Object".

-- 

Joey Castillo
www.joeycastillo.com