[Feature Request] Multiple level subkey
Leo Gaspard
leo at gaspard.io
Sun Sep 10 17:28:08 CEST 2017
On 09/10/2017 04:36 PM, Daniel Kahn Gillmor wrote:>> My user case is
simple; maintain my identity even if my master key is
>> compromised. Tho achieve that, I think about a multilevel subkey
>> system.
>
> I'm not sure how the proposed multi-level system is an improvement over
> an offline primary key. It's certainly more complicated, but complexity
> is a bug, not a feature. can you explain why you think it's better?
>
> with an offline primary key, you only put subkeys on any device that's
> used regularly.
I can think of at least one use case it covers in addition to an offline
masterkey (but that would also be covered by C subkeys): the ability to
sign others’ keys without using your masterkey. This would allow to not
have to expose the keysigning device to untrusted data/software/hardware
that would carry the to-be-signed key.
It would also make an offline masterkey much more convenient to use,
given one could just do like it never existed (even for keysigning),
except once the subkeys become compromised -- and at that time, the
recovery operation would be 1/ re-generate subkeys, 2/ re-sign all keys
you had signed with your previous C subkey.
What do you think about this? (maybe I should just raise the issue on
rfc4880bis ML, but as the question arose here…)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170910/e9fb4e88/attachment-0001.sig>
More information about the Gnupg-users
mailing list