[Feature Request] Multiple level subkey

lesto fante lestofante88 at gmail.com
Sun Sep 10 17:23:51 CEST 2017 

Thanks!

I though a bit more and I have now a bit more clear ideas.

I want a "identity" key; this is the most important key and should be
super-secure, like a hw wallet/card. In the best case scenario it is used
to issue a master key, and never used again.

Then we have one (or more) master key; those are used to issue and revoke
subkey (application key). Those will be a bit less secure, as they will
stay on one or more user device regularly in use (I plan to use the
smartphone as central key storage and manager).

Then the application are what are used by the application. Notice they all
refer to the main identity; changing one of the key does not require
nothing else than revoke the old key and issue a new one.
The idea is to make the use and generation of subkey transparent and not
requiring the super-secure identity key; the master key is used, and if
compromised the super-secure identity key will revoke the master key and
issue a new one. Then automatically (depending on settings, but bear with
me) opening any application will trigger the recreation of a subkey
dedicated; as they are still rapresenting the same identity, no question is
asked by the service, as recognize the user.


The p2p system would be a nice way to share PUBLIC key and REVOKE between
peers.

Now, I have been pointed out that the sanity card in EU (for non EU; all EU
has the same sanity card.. So you can travel and not have to worry) come
with a certificate inside!

We could use that certificate, to sign a second certificate that sing our
master key. The second certificate is needed because that way we can revoke
it without having to revoke the identity (which could be difficult to
explain to your authority, even if you could "loose" the card, and then a
new certificate *should* be issued, but I don't know how it work. Also
seems the CA are regional, so there are multiple server for country)


My final goal is to have a secure key in case of big issue, and a series of
less secure key to make using them seminless, actually even more easy than
using a password or a password wallet!


On Sun, Sep 10, 2017, 17:03 Daniel Kahn Gillmor <dkg at fifthhorseman.net>
wrote:

> On Sat 2017-09-09 00:50:56 +0200, lesto fante wrote:
>
> > Maybe this is not the right place to discuss about this, please be
> > kind with a noob.
>
> this is the right place, welcome!
>
> > My user case is simple; maintain my identity even if my master key is
> > compromised. Tho achieve that, I think about a multilevel subkey
> > system.
>
> I'm not sure how the proposed multi-level system is an improvement over
> an offline primary key.  It's certainly more complicated, but complexity
> is a bug, not a feature.  can you explain why you think it's better?
>
> with an offline primary key, you only put subkeys on any device that's
> used regularly.
>
> That said, even offline primary keys aren't super easy-to-use at the
> moment, more work could be done to streamline that use case.
>
> > ps. is anyone aware of some kind P2P system to share keys?
>
> are you asking about secret key sharing (between devices controlled by
> the same person) or public key distribution?
>
>     --dkg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170910/a8c69398/attachment.html>

More information about the Gnupg-users mailing list