published key security levels

[Hauke Laging]

Hello,

do you think it would be useful to integrate some information about the "usage 
security" of a key into the key?

Keys are used differently. The one I use to sign this email is my key for 
nearly everything. It is (or rather: was) stored on several PCs which are 
rather comfortable than high security systems (KDE). Offline security is high 
but few applications only are denied access to ~/.gnupg (by AppArmor). It is 
not probable but far from impossible that this key is compromised. That is OK 
for me because I believe that it is most important to have reasonable security 
available everywhere. Somebody wrote here today: "RSA is better than nothing". 
That's the point.

Of course, it is not a problem to generate several keys for different levels 
of security. I would not want this key to be accepted for important contracts. 
For different level keys to be useful the users of public keys have to be 
enabled to recognise this level (with cryptographic security).

My idea is to define some levels which can be added e.g. as signature 
notations to the key:

0: unknown
1: for testig purposes; private key available to several people
2: low security: key is used on non-trustworthy systems (e.g. for using 
webmail services from public systems)
3: medium security; key is used on trustworthy systems only
4: hardware security; key is used on smartcards only (including offline 
backups)
5: paranoid: the key is on a smartcard; signatures and certifications are made 
on systems which are "guaranteed" to be non-compromised (booting from DVD, not 
network connection) only.

The main problem IMHO is: This information needs to be covered by 
certifications to be really useful. If it is not, this could happen: A low 
security key becomes available to an attacker. The attacker is capable of 
changing the notation. A communication partner gets the changed key with valid 
signatures and regards it as a high security key.

Is there any possibility to get such additional key parts signed without 
changing the key format (or putting that into the comment field)?

An interesting question is: What am I supposed to do if somebody wants me to 
sign his key at level 4 or 5 if I know that this key is or has been used in 
other ways, too? ;-)

The currently discussed problem of selecting the the right subkey(s) would 
grow to selecting the right (primary) key, of course. This could be solved by 
defining global and per addressee levels. If a certain message needs higher or 
allows lower security then the appropriate key would have to be selected 
manually.


How would this affect the usage of gpg? I tried to make an organization 
support the usage of gpg by educating its members and offering certification. 
One of the arguments against this was: "People cannot read their emails on 
their mobile devices any more then."

This is not only a technical problem. It should be up to the sender to decide 
which level of privacy he demands for his message. So the sender could decide 
that it is OK for him that the recipient will not be able to read the message 
everywhere but only in a reasonably secure environment (thus often later). If 
a message is to not be readable in certain circumstances then it is not an 
agument that it isn't. It's not a bug, it's a feature.

On the other hand the sender could decide that he does not want to send a 
postcard security level message but that webmail access is OK for him. He 
would use a level 2 key (too) then.


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20100512/d50dc691/attachment.pgp>