Enigmail speed geeking

Robert J. Hansen rjh at sixdemonbag.org
Thu Mar 12 20:44:31 CET 2015


> I would go so far as to say for the vast majority of users they are 
> totally unnecessary. It's cool to play with smart cards, and I'm all
> in favor of that sort of thing ... but for the overwhelming number of
> PGP users the threat model just isn't there.

I dunno.  I think there are some good arguments for regular users
employing them; I just don't think those arguments are all that compelling.

For instance, I have my smartcard cross-signed with my usual certificate
(0xD6B98E10).  If you trust 0xD6B98E10, you'll probably also trust my
smartcard certificate -- and vice-versa.  Now let's say that in a couple
of years 0xD6B98E10 gets compromised.  I revoke the certificate,
propagate the revocation, and generate a new cert (0xBADD00D5).  I sign
0xBADD00D5 with the smartcard cert and put it up on the servers.  Etc.
People can see 0xBADD00D5 is signed by my smartcard and can have
confidence this is my new certificate.

This is basically the idea of the "offline master signing key" that a
lot of people talk about, but a lot more convenient due to the smartcard
form-factor.  I don't have to worry about air-gapping the signing
system, I just have to worry about finding the card reader when it comes
time to generate a new cert.

> Further, the inconvenience of having to deal with generating and 
> socializing a new key if your smart card gets lost, becomes
> inoperable, etc. is way too high a cost for near-zero benefit.

Yep.  Don't lose 'em.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150312/ef2dea5f/attachment.sig>


More information about the Gnupg-users mailing list