[Feature Request] Multiple level subkey

lesto fante lestofante88 at gmail.com
Tue Sep 12 19:39:27 CEST 2017


> I understand that you're trying to make *your* life easier.

I think my use case is one of the most common, especially if we want
to create something like a state-provided identity (on your
smartcard document) that we want to make easily usable on everyday
services (remember, all services are really "pointing" to the master
identity, so any subkey can be reissued without having to re-register
in the system).

> An OpenPGP certificate with a single master
> certification-capable public key and several different
> signing/encrypting/authenticating subkeys is already pretty complex

I am not aware of the implementation, but I see 2 issues there:

One is how to create a subkey of a subkey; as far as I know the master key
signs the subkey, so we can do the same here; we have to define where
the information about the signature will be stored, or a flag to tell this
is a sub-sub key.

The second problem is the sharing of the keys and revocation certificates,
something that is already solved by keyservers.

> we have toolchains that are (starting to be) able to deal with that
> situation.

If this is in the standard, and the standard is used, then it is likely
that other tools will implement it. In general, we can be almost
completely retro-compatible if engineered in the right way (I'm
thinking, a level 1 key is seen by legacy as an invalid(?) key, level 2 as
master key, and level 2 as subkey of master. At this point, when we
revoke a level 1 key, to keep retro-compatibility we always have to issue
a revocation for all level 2 keys first).

>Keep it simple :)

How would you implement this?


> Please don't default to using a woman as the canonical example
> non-technical/clueless user.

AFAIK housewife does not have any male translation, so it is
technically genderless :)

And why can't I use a female gender, but then discriminate against a role?

Sterile discussion aside, let's agree on a real definition like Average
Internet User, or AIU for short.

Characteristics (based on personal experience, so let's agree on that) are:

- his main device is the smartphone, where basically all the logins are stored.
- generally sticks with "one password for all"
- is willing to make things a bit more secure, like 2-step authentication, but
setup is scary if it takes more than 2 passages
- understands the risk of phishing and opening attachments BUT
- opens the .ppt sent by his friend in the email chain
- downloads that app to see X for free or get free lives for the game Y
- always clicks the wrong download button before getting what he is looking for

Basically: he keeps important stuff on his device. That has a relatively
high possibility of being violated or lost, so WE need to make sure we
have a backup solution for him. (In my case, with the level 1 key, the
user just has to revoke and reissue a new level 2 key! And he does
not even need to update the "password" or "key" for all his services, if
compatible with this system; otherwise it is the same old game as always.)

2017-09-12 18:01 GMT+02:00 Daniel Kahn Gillmor <dkg at fifthhorseman.net>:
> On Sun 2017-09-10 21:17:33 +0200, lesto fante wrote:
>> here i want to AUTOMATE, make this thing MORE EASY to use than a
>> common password approach.
>
> I understand that you're trying to make *your* life easier.  But the
> choices you make also have an impact on the people who look at your
> public keys.  An OpenPGP certificate with a single master
> certification-capable public key and several different
> signing/encrypting/authenticating subkeys is already pretty complex, but
> we have toolchains that are (starting to be) able to deal with that
> situation.
>
> If you try to introduce this multi-level arrangement, you're pretty
> likely to force *other* people (whose toolchains you have even less
> control over) into situations that will be LESS EASY and
> NON-AUTOMATABLE.  I don't think this is a great tradeoff for the
> ecosystem.
>
> Keep it simple :)
>
>> This approach MUST be "housewife proof";
>
> Please don't default to using a woman as the canonical example
> non-technical/clueless user.  The computer security community already
> has enough problems with gender bias.  It's unfriendly and unwelcoming
> in ways that we need to outgrow.  And it's wrong -- real-world
> housewives (and "moms" and "grandmas" to name a few other common sexist
> "female clueless user" tropes) are often expected to figure out many
> things that are outside of their field of expertise and then aren't
> given any intellectual credit for navigating complex and changing
> requirements and expectations.
>
> If you need an example of someone who doesn't really understand things
> at a technical level but needs to have stuff Just Work for them anyway,
> i've seen Cory Doctorow suggest using "your boss" as the canonical
> example :P
>
> All the best,
>
>     --dkg
