multiple subkeys and key transition

Ben McGinnes ben at adversary.org
Thu Dec 9 21:55:01 CET 2010


On 10/12/10 6:22 AM, J. Ottosson wrote:
> 
> But you do know what purpose a smartcard type of device is for, right? 

Yep, they were standard issue when I worked at Sun.

> Protection of some kind of data, most often a key or several of
> them. We use hardware security devices of various sorts in many
> situations where high security is a requirement. We use them for
> tokens, crypto keys and we use them in systems processing our PIN
> handling in the financial systems etc (like the IBM 4758 etc).

The Sun ones are authentication tokens, combined with RFID security
passes.

> Since protection of the private key is the single most important
> issue for any openpgp user, it is very natural to think about
> smartcard, since it is the best way to protect a key from
> disclosure.  Then, after having made the analysis of threats and
> cost one may opt to not use it anyway, as most of us do, at least
> partly and for some keys.

Yeah, I can see the value of them, but I don't really see how they
would make enough addition to my security requirements to justify
either the monetary or operational expense (i.e. additional
complication).  If I piss off a TLA or the local equivalent (a couple
of them have four letters) then they've got other ways of getting what
they want.

> Unless you are using some kind of trusted computer system you simply
> do not have that kind of control over what is or is not done on your
> computer.

Not in the sense you mean.

> Then when it comes to media that the key is written onto and has
> ever been written onto, well that's often a bigger issue than most
> people tend to think.  Anyone having used EnCase and tools alike it
> know what I mean. It all depends, partly on luck, if someone raids
> your home, if you're owned or not. Do you remember any old floppys
> that your earlier keys were ever saved to? Most don't.

Actually, since writing what I did earlier, I did a quick
double-check.  And I do recall everything the keys were ever backed up
to and I really do know exactly where they all are.  I was quite
impressed given the age of the key.  ;)

> It all comes down to what opponent we're having. So, it's partly a
> question about what threat model we're sitting in.

It always does.

> A normal user like you and me are in most circumstances ok with
> an ordinary keyring on a portable USB stick

Highly unlikely I'd ever do this.

> or perhaps in a Truecrypt container for extra protection but others
> are not.

This is more viable, though.

> And I've been attending tempest lab tests too, so I'd say that most
> anything many users think is impossible or only happens on film is
> not even close to the limits of what some TLAs are readily doing.

I've no doubt that the spooks can do things we'd consider amazing, but
I'm equally sure that I wouldn't be considered at all threatening to
them.  Possibly threatening to politicians, but that's an entirely
different kettle of fish.

> A clue on that can also be picked up by looking at the counterintel
> procedures for sigint by the KGB during the cold war. If those types
> of guys are after you, a hardware security type of device is of
> limited protection to you too btw.

I'm not trying to defeat spooks or play at their level.  It doesn't
really hold enough interest for me because it would require living in
a way that would be just too damn depressing.  Contrary to most films,
it is *not* cool.

> I can say this much, there exist smartcard research papers today,
> that are classified since a decade back or more and not seen by more
> than 10-20 people, and they are so for a reason.
>
> So actually, nothing is safe come to think of it. But that't too
> depressing so we pretend smartcards are, from a practical
> perspective.

Don't you hate it when you get to the end of what seemed a well
constructed argument, only to consider a possibility which presents a
huge gaping hole in it?  ;)

I take your points, though, there are certainly valid reasons for
using smartcards.  So it would be clearer for me to say that I don't
believe they suit my circumstances.

> A few related links:

Thanks, I was aware of some of them, but not a couple (the first and
last).


Regards,
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20101210/df7e9149/attachment.pgp>


More information about the Gnupg-users mailing list