[Feature Request] Multiple level subkey

Damien Goutte-Gattat dgouttegattat at incenp.org
Sun Sep 10 19:47:07 CEST 2017


Hello,

On 09/09/2017 12:50 AM, lesto fante wrote:
> To achieve that, I think about a multilevel subkey system.

The OpenPGP specification already has some support for a hierarchical 
system, in the form of "trust signatures".

(Hereafter, I will use "trust-sign" as a verb to refer to the act of 
emitting a trust signature.)

For a 3-level hierarchy as you describe, you could do the following:

a) You sign your level-3 key(s) with your level-2 key;

b) You trust-sign your level-2 key with your level-1 key, with a trust 
depth of 1.

c) Your correspondents trust-sign your level-1 key, with a trust depth of 2.

If your level-1 key is compromised, you revoke it, generate a new one 
and sign it with the level-2 key. The new level-1 key will be 
automatically valid for your correspondents.

If your level-2 key is compromised, you revoke it, generate a new one, 
tsign it with the level-1 key, and use it to re-sign your level-1 key 
(although if the level-2 key is compromised, you may want to assume that 
the level-1 key is compromised as well, and generate a new one). Again, 
the new level-2 key will be valid and trusted by your correspondents, 
since it bears a trust signature from the level-1 key.

The problem you may have with this method is that it depends on your 
correspondents *trust-signing* your level-1 key. If they use a normal 
signature instead (or a trust signature with a trust depth < 2), no 
ownertrust will be assigned to the level-2 key and therefore the level-3 
key will not be considered valid. So you have to tell your 
correspondents to *trust-sign* your level-1 key, but you cannot force 
them to do so.

This is kind of a design feature of OpenPGP, by the way: the user is 
always free to choose whom he wants to trust, and to what extent. This 
is by contrast with the X.509 world, where the fact that a certificate 
can only be signed by *one* authority gave rise to an ecosystem of CAs 
that are "too-big-to-fail" (or "too-big-to-choose-not-to-trust").


> Now the nice thing: I guess most of the people will use their phone
> to keep the level 2 key, but we know those are not the most secure
> stuff, especially when they get old or with some producer allergic to
> patch.

Slightly off-topic, but using an NFC-enabled token might be an easier way 
to deal with that particular concern. I know of at least two such 
tokens: the Yubikey NEO [1] and the Fidesmo Privacy Card [2].


Damien

[1] https://www.yubico.com/products/yubikey-hardware/yubikey-neo/

[2] http://shop.fidesmo.com/product/fidesmo-privacy
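
Added example (not part of the message above, and not GnuPG's own code): a simplified Python model of how trust-signature depth propagates through steps a) to c), showing why a trust depth below 2 on the level-1 key leaves the level-3 key invalid. It ignores trust amounts, marginal trust, domain restrictions and revocation; the key names `correspondent`, `L1`, `L2`, `L3`, `L2-new` and all function names are assumptions made for illustration.

```python
import math

def evaluate(owner, sigs):
    """Return {key: delegation depth left} for each key `owner` sees as valid.

    sigs holds (signer, target, depth) tuples: depth 0 is an ordinary
    certification, depth >= 1 a trust signature of that depth.
    """
    depth = {owner: math.inf}            # own key: ultimately trusted
    changed = True
    while changed:                       # iterate to a fixed point
        changed = False
        for signer, target, sig_depth in sigs:
            budget = depth.get(signer, 0)
            if budget < 1:               # signer is not a trusted introducer
                continue
            granted = min(sig_depth, budget - 1)
            if granted > depth.get(target, -1):
                depth[target] = granted  # target valid, may delegate `granted` levels
                changed = True
    return depth

def hierarchy(correspondent_depth, level2="L2"):
    """Signatures from steps a) to c); all key names are hypothetical."""
    return [
        ("correspondent", "L1", correspondent_depth),  # step c)
        ("L1", level2, 1),                             # step b)
        (level2, "L3", 0),                             # step a)
    ]

def is_valid(key, correspondent_depth, level2="L2"):
    return key in evaluate("correspondent", hierarchy(correspondent_depth, level2))

if __name__ == "__main__":
    for d in (0, 1, 2):
        print(d, {k: is_valid(k, d) for k in ("L1", "L2", "L3")})
    # Replacement level-2 key, trust-signed by L1 and used to re-sign L3
    print(is_valid("L2-new", 2, "L2-new"), is_valid("L3", 2, "L2-new"))
```

In this model an ordinary signature (depth 0) validates only the level-1 key, depth 1 also validates the level-2 key but gives it no introducer role, and only depth 2 carries validity down to the level-3 key.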
