[Feature Request] Multiple level subkey
lesto fante
lestofante88 at gmail.com
Sun Sep 10 23:32:51 CEST 2017
>You revoke the level-2 key, that will be enough to invalidate the signature on the level-3 key.
>I merely pointed out what is already feasible with the current state of the OpenPGP specification and the GnuPG implementation.
you are right, after all if it is there, it can be automated. The real
question is, would this break/interfere with something else?
Your solution is quite different from the other and i need more time
to evaluate it, but this is exactly why I'm there.
>Assuming the level-1 key is not on that device, then no.
just to be sure I don't misunderstand, the level 2 key cannot revoke
the level 1 key, right?
>I do not really care for this "user is an idiot, we cannot trust him/her to do the right thing so we should do it for him/her" approach.
i do. EVERYBODY is an idiot, someone is idiot every day, someone after
10h of works, someone only when all the planets are aligned. But it
WILL happen to the majority of the population, even the best: and the
best cure is the prevention.
My goal is to bring good privacy at the housewife, while making the
process even more easier (as it will be as easy as using a wallet).
2017-09-10 21:50 GMT+02:00 Damien Goutte-Gattat <dgouttegattat at incenp.org>:
> On 09/10/2017 09:17 PM, lesto fante wrote:
>>>
>>> If your level-3 key is compromised, you revoke it, generate a new one and
>>> sign it with the level-2 key. The new level-3 key will be automatically
>>> valid for your correspondents.
>>
>>
>> what if i lose the level-2 key too? imagine level-2 and level-3 key
>> are both on my phone, with NO other copy of the level-2 and level-3
>> private key.
>> Can i revoke all of them?
>
>
> You revoke the level-2 key, that will be enough to invalidate the signature
> on the level-3 key.
>
>
>> If my device is in the hand of a bad person, will he be able to
>> compromise my level-1 key
>
>
> Assuming the level-1 key is not on that device, then no.
>
>
>> Also i understand the key-level truthiness, but here i want to
>> AUTOMATE, make this thing MORE EASY to use than a common password
>> approach.
>
>
> I merely pointed out what is already feasible with the current state of the
> OpenPGP specification and the GnuPG implementation.
>
>
>> This approach MUST be "housewife proof"; her son/truth person will set
>> up the sign key for her and then just tell her to keep the smartcard
>> in a safe place. Then to choose a safe password for the SIGN key. That
>> is the only password out housewife need, unless she will loose or get
>> a compromised phone; at this point, she will call the trust person
>> that will take care revoke, and then issuing a new SIGN key on her new
>> phone. No need to go and reset ALL of her account and such; all the
>> key she had has been already replaced :)
>
>
> I do not really care for this "user is an idiot, we cannot trust him/her to
> do the right thing so we should do it for him/her" approach.
>
> Damien
>
More information about the Gnupg-users
mailing list