[Feature Request] Multiple level subkey

lesto fante lestofante88 at gmail.com
Sun Sep 10 21:02:55 CEST 2017 

(sent again because i forgot to add the mailing list in CC, sorry)

>If your level-1 key is compromised, you revoke it, generate a new one and sign it with the level-2 key. The new level-1 key will be automatically valid for your correspondents.
>
>If your level-2 key is compromised, you revoke it, generate a new one, tsign it with the level-1 key

this is exactly what i DON'T want. The level 2 key (or level 1, it
seems you mixed them up) is way less safe than the level 1, as the
level 1 is on your smart-card, in a safe place, and the level 2 is in
your PC, on your smartphone, and you basically carry it with you every
time, as you want to be able to access new services without the hassle
of having the smart-card with you.

With all the security problem connected to having the smart-card with
you; I assume keeping in in your house, or even in a security box, is
way more safe.

So again: trust goes in one direction only, the same direction of
security. Level 1 > Level 2 > Level 3

>Slightly off-topic, but using a NFC-enabled token might be an easier way to deal with that particular concern.

I have one of them.
Result:
 * I do not carry them with me, I'm to scared to lose it
 * The card does not have NFC
 * I don't have NFC on my emergency smartphone, so i need to also
carry the cable and hope the phone can handle it (driver + OTG usb)
 * If my smartphone/pc is compromised, when i connect the NFC they can
do whatever they want, even sign THEIR key and revoke mine. With my
system the level 2 key get revoked, and I know the device that have it
are compromised, so i will format/change them before issuing a new
level 2 key
 * I created some key on my pc and used them for a while for this
email, until the for an unfortunate accident i lost them and their
backup (remember to power up your USB key, they have an internal
battery that need to be recharged sometimes, should be 10 years...
should); if they would have somehow signed by my HW wallet (witch i
assume NOT having the same power-related issue), i could have issued a
new one, and uploaded them on the key server. Instead now i can't even
revoke them.

There are more, if i sit there and think about all frustration i had
to manage my keys, and for sure there is a lot to do in the wallet
side too.

2017-09-10 19:47 GMT+02:00 Damien Goutte-Gattat <dgouttegattat at incenp.org>:
> Hello,
>
> On 09/09/2017 12:50 AM, lesto fante wrote:
>>
>> Tho achieve that, I think about a multilevel subkey system.
>
>
> The OpenPGP specification already has some support for a hierarchical
> system, in the form of "trust signatures".
>
> (Hereafter, I will use "trust-sign" as a verb to refer to the act of
> emitting a trust signature.)
>
> For a 3-levels hierarchy as you describe, you could do the following:
>
> a) You sign your level-3 key(s) with your level-2 key;
>
> b) You trust-sign your level-2 key with your level-1 key, with a trust depth
> of 1.
>
> c) Your correspondents trust-sign your level-1 key, with a trust depth of 2.
>
> If your level-1 key is compromised, you revoke it, generate a new one and
> sign it with the level-2 key. The new level-1 key will be automatically
> valid for your correspondents.
>
> If your level-2 key is compromised, you revoke it, generate a new one, tsign
> it with the level-1 key, and use it to re-sign your level-1 key (although if
> the level-2 key is compromised, you may want to assume that the level-1 key
> is compromised as well, and generate a new one). Again, the new level-2 key
> will be valid and trusted by your correspondents, since it bears a trust
> signature from the level-1 key.
>
> The problem you may have with this method is that it depends on your
> correspondents *trust-signing* your level-1 key. If they use a normal
> signature instead (or a trust signature with a trust depth < 2), no
> ownertrust will be assigned to the level-2 key and therefore the level-3 key
> will not be considered valid. So you have to tell your correspondents to
> *trust-sign* your level-1 key, but you cannot force them to do so.
>
> This is kind of a design feature of OpenPGP, by the way: the user is always
> free to choose whom he wants to trust, and to what extent. This is by
> contrast with the X.509 world, where the fact that a certificate can only be
> signed by *one* authority gave rise to an ecosystem of CAs that are
> "too-big-to-fail" (or "too-big-to-choose-not-to-trust").
>
>
>> Now the nice thing: i guess most of the people will use their phone
>> to keep the level 2 key, but we know those are not the most secure
>> stuff, especially when get old or wit some producer allergic to
>> patch.
>
>
> Slightly off-topic, but using a NFC-enabled token might be an easier way to
> deal with that particular concern. I know of at least two such tokens: the
> Yubikey NEO [1] and the Fidesmo Privacy Card [2].
>
>
> Damien
>
> [1] https://www.yubico.com/products/yubikey-hardware/yubikey-neo/
>
> [2] http://shop.fidesmo.com/product/fidesmo-privacy
>

More information about the Gnupg-users mailing list