[Feature Request] Multiple level subkey

lesto fante lestofante88 at gmail.com
Sat Sep 9 00:50:56 CEST 2017


Hello,

Maybe this is not the right place to discuss this; please be
kind to a noob.

My use case is simple: maintain my identity even if my master key is
compromised. To achieve that, I am thinking about a multilevel subkey
system.
I would love to hear any alternative.
For the purpose of the discussion, we don't talk about HOW revocations and public
keys are exchanged between peers; it could be with an existing key server,
or another way.

I would like to set up a system relatively secure, but with no hassle
for everyday use.

The idea is the following:
A level 1 key, kept very safe (hw or paper wallet). This key
represents the identity and is hopefully used only once, to generate one
subkey, "level 2".

The level 2 subkey is saved on one (or more, but trusted) main device.
This key will be used to generate its own subkeys (level 3); those
subkeys are used for various applications and distributed between devices
using relatively unsafe methods; losing, revoking or issuing a new key
for a new application should be easy and transparent for the user.

The idea is that the level 2 key is used for most normal
operations, even in case one or more level 3 keys are compromised;
please remember that all the keys just represent the identity of the
level 1 key.

This is very similar to the chain of trust with certificates.

Now the nice thing: I guess most people will use their phone to
keep the level 2 key, but we know those are not the most secure things,
especially when they get old or with some producers allergic to patching.

In the unlucky case the level 2 key gets compromised, the user can use
the level 1 key to:
1. revoke the level 2 key. This of course will automatically revoke
the level 3 keys that are direct subkeys of that level 2 key.

2. issue a new level 2 key. At this point the main device will issue
new level 3 keys to replace all the keys revoked in the step above.

Please note a user could have multiple level 2 keys active; this could
be for different reasons, like updating to a different algorithm that is still
not fully supported.

Lesto

PS: is anyone aware of some kind of P2P system to share keys?
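The hierarchy the post asks for (a level 1 identity key certifying a level 2 device key, which in turn certifies level 3 application keys, with revocation of a level 2 key invalidating everything below it) can be modelled as a small certificate chain. The following Go program is an added example written for this archive page; it is not the poster's code and not a GnuPG feature (GnuPG does not nest subkeys under subkeys, which is why this is a feature request). It uses Ed25519 from the Go standard library, the `Key`, `Revocations`, `Validate` and `VerifyMessage` names are hypothetical, and, as in the post, how peers exchange the revocation set is left out: it is simply a shared in-memory set here.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Key is one node of the hypothetical multilevel hierarchy from the post:
// level 1 is the identity key, level 2 the device key, level 3 the per-application keys.
type Key struct {
	Level  int
	Pub    ed25519.PublicKey
	priv   ed25519.PrivateKey // never leaves the place where the key was generated
	Parent *Key               // nil for the level 1 key
	Cert   []byte             // parent's signature over Pub (self-signature for level 1)
}

// Fingerprint is a short identifier for the revocation set (constructed for this example).
func Fingerprint(pub ed25519.PublicKey) string { return hex.EncodeToString(pub[:8]) }

// NewRoot generates a level 1 key and self-certifies it.
func NewRoot() (*Key, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Key{Level: 1, Pub: pub, priv: priv, Cert: ed25519.Sign(priv, pub)}, nil
}

// Issue generates a key one level below p and certifies it with p's private key.
func (p *Key) Issue() (*Key, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Key{Level: p.Level + 1, Pub: pub, priv: priv, Parent: p, Cert: ed25519.Sign(p.priv, pub)}, nil
}

// Sign signs a message with this key; whether peers trust it is decided by Validate.
func (k *Key) Sign(msg []byte) []byte { return ed25519.Sign(k.priv, msg) }

// Revocations is the set of revoked fingerprints; distribution is out of scope, as in the post.
type Revocations map[string]bool

// Revoke marks k as revoked. Its descendants are not listed explicitly:
// Validate rejects them because their chain passes through k.
func (r Revocations) Revoke(k *Key) { r[Fingerprint(k.Pub)] = true }

// Validate walks from k up to the level 1 key, checking each certification,
// that no ancestor is revoked, and that the chain ends at the trusted root.
func Validate(k *Key, root *Key, rev Revocations) error {
	for cur := k; cur != nil; cur = cur.Parent {
		if rev[Fingerprint(cur.Pub)] {
			return fmt.Errorf("level %d key %s is revoked", cur.Level, Fingerprint(cur.Pub))
		}
		if cur.Parent == nil {
			if !bytes.Equal(cur.Pub, root.Pub) || !ed25519.Verify(cur.Pub, cur.Pub, cur.Cert) {
				return errors.New("chain does not end at the trusted level 1 key")
			}
			return nil
		}
		if !ed25519.Verify(cur.Parent.Pub, cur.Pub, cur.Cert) {
			return fmt.Errorf("invalid certification on level %d key", cur.Level)
		}
	}
	return errors.New("empty chain")
}

// VerifyMessage accepts a signature only if the signing key's chain is valid and unrevoked.
func VerifyMessage(k *Key, msg, sig []byte, root *Key, rev Revocations) error {
	if err := Validate(k, root, rev); err != nil {
		return err
	}
	if !ed25519.Verify(k.Pub, msg, sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

func main() {
	root, _ := NewRoot()
	phone, _ := root.Issue()    // level 2, lives on the main device
	mailKey, _ := phone.Issue() // level 3, one application key
	rev := Revocations{}
	msg := []byte("constructed sample message")
	sig := mailKey.Sign(msg)
	fmt.Println("before compromise:", VerifyMessage(mailKey, msg, sig, root, rev))

	// Step 1 of the post: the level 1 key revokes the compromised level 2 key.
	rev.Revoke(phone)
	fmt.Println("after revoking level 2:", VerifyMessage(mailKey, msg, sig, root, rev))

	// Step 2: a new level 2 key is issued and re-issues the application keys.
	phone2, _ := root.Issue()
	mailKey2, _ := phone2.Issue()
	fmt.Println("new level 3 key:", Validate(mailKey2, root, rev))
}
```

The point the model makes is that a peer only needs the level 1 public key and the revocation set: a level 3 signature is accepted when the certification chain verifies up to that root and no key on the path is revoked, so revoking the level 2 key invalidates all of its level 3 children without listing them, and the old level 3 signatures stop verifying even though those private keys were never touched.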



More information about the Gnupg-users mailing list