[Feature Request] Multiple level subkey

lesto fante lestofante88 at gmail.com
Sun Sep 10 21:17:33 CEST 2017


>If your level-3 key is compromised, you revoke it, generate a new one and sign it with the level-2 key. The new level-3 key will be automatically valid for your correspondents.

What if I lose the level-2 key too? Imagine level-2 and level-3 keys
are both on my phone, with NO other copy of the level-2 and level-3
private keys.
Can I revoke all of them?
If my device is in the hands of a bad person, will he be able to
compromise my level-1 key while I get in contact with someone that
can revoke the level-2 key (and so all of its subkeys)?

Also, I understand the key-level truthiness, but here I want to
AUTOMATE, make this thing EASIER to use than a common password
approach.
This approach MUST be "housewife proof"; her son/trust person will set
up the sign key for her and then just tell her to keep the smartcard
in a safe place. Then to choose a safe password for the SIGN key. That
is the only password our housewife needs, unless she loses or gets
a compromised phone; at this point, she will call the trust person
that will take care of revoking, and then issuing a new SIGN key on her new
phone. No need to go and reset ALL of her accounts and such; all the
keys she had have already been replaced :)


2017-09-10 20:39 GMT+02:00 Damien Goutte-Gattat <dgouttegattat at incenp.org>:
> On 09/10/2017 08:30 PM, lesto fante wrote:
>>>
>>> If your level-1 key is compromised, you revoke it, generate a new one and
>>> sign it with the level-2 key. The new level-1 key will be automatically
>>> valid for your correspondents.
>>>
>>> If your level-2 key is compromised, you revoke it, generate a new one,
>>> tsign it with the level-1 key
>>
>>
>> this is exactly what i DON'T want. The level 2 key (or level 1, it
>> seems you mixed them up)
>
>
> Sorry, I did mix level-1 and level-3 keys in the first sentence you're
> quoting. What I meant was:
>
> If your level-3 key is compromised, you revoke it, generate a new one and
> sign it with the level-2 key. The new level-3 key will be automatically
> valid for your correspondents.
>


