basic identity mgmt

[Andrew Gallagher]

On 15/01/16 21:02, Doug Barton wrote:

> On 01/15/2016 12:21 PM, Andrew Gallagher wrote:
> |  I've
> | worked on several projects for more than one financial institution,
> | and airgaps like this are considered barely sufficient for some
> | important keys. (Of course in such projects the idea of a
> | certification subkey not on the airgapped machine would be
> | completely unacceptable...)
> 
> That's interesting, and you have made me curious ... what's the threat
> model? And what is that key certifying?

Most relevant example, a system where users can register their
authorisation keys against a semi-automated authority which signs them
for trust by a third system. The root key that certifies the automated
authority keys is offline. Essentially a private root CA.

Now, this example is using x509 rather than pgp, but the threat model is
the same. Bad guys hack into the system, they can fake a trust
relationship, which in turn compromises a different system.

To put this into PGP terms, say Lachlann were Stallman (ok, I'm
stretching a bit!). Then say someone wants to impersonate Linus. If they
could root RMS's laptop they could certify a key in Linus's name and
many people would say "RMS is paranoid, so it really must be Linus!".
;-) But if RMS keeps his certification key offline, the best the hackers
can do is impersonate him - until he notices of course, at which point
he can roll his subkeys and draw a line under the incident.

Of course if a C-capable subkey were to exist, Linus would lose the
benefit of the airgap. RMS would still be able to roll his subkeys, but
that would also revoke all the trust relationships that depended on the
C-subkey. So both of them are worse off.

A

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160115/55f62508/attachment-0001.sig>