ietf-openpgp

Re: [openpgp] Clarify status of subkeys with certification use

2018-05-25 16:54:56
On 05/25/2018 05:25 PM, Kristian Fiskerstrand wrote:
> On 05/25/2018 12:26 PM, Leo Gaspard wrote:
>> Another use case supporting this opinion: certification subkeys are also
>> a way to increase the security of an offline OpenPGP key, as with them
>> it becomes possible to put the master key behind a diode while still
>> being able to certify keys, and only ever move data out:
>>  1. On the machine with the master key, generate a certification subkey
>>  2. Move the certification subkey to another system, less trusted
>>  3. Push the to-be-signed key to this other system
>>  4. On this other system, certify the to-be-signed key
>>  5. Rotate the certification subkey from time to time to be able to
>> revoke one were it compromised
>
> I'm not sure I buy this argument, the WoT is expected to be long-term,
> if needing to do rotation of certification subkey, it sounds like you're
> making it more temporary of sorts. Wouldn't just having a separate CA
> key that is fully trusted (presumably locally signed and not exportable)
> accomplish much of the same for more "temporary" signatures, i.e. those
> not exported to view of the rest of the ecosystem / external users?

Sorry if I was unclear; the idea was not to make the certification
subkey temporary, but to only use it for a given period of time, and
then delete it (while not revoking or expiring it).

This way, so long as there is no compromise of the certification subkey,
things stay exactly the same, but when a certification subkey is
compromised (e.g. because it had to parse a malformed public key to sign
it, or due to an attack on the way the data was transferred, or any other
attack), it can simply be revoked without compromising the master key
and its UID signatures.

The idea of rotation was to avoid invalidating all the
previously-made signatures in case of compromise, but an alternative
could be to not rotate so long as the certification subkey is not
compromised, and on certification subkey compromise tighten the WoT by
that much.

Sorry for the wording of point 5, it was not clear at all indeed.
Hopefully it's better now.
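The five-step procedure and the revocation argument above, as an added example that is not part of the thread or of any OpenPGP implementation: a Go model of the scheme built on Ed25519 from the standard library. The message layout (the "binding:", "revoke:" and "cert:" prefixes), the function names, the Keyring structure and the alice@example.org / bob@example.org identities are assumptions made for this example, not OpenPGP packet formats. The only value taken from OpenPGP is the 0x01 key flag, which RFC 4880 defines as "this key may be used to certify other keys". The scenario shows what step 5 buys a relying party: after the master revokes one certification subkey, only that subkey's certifications stop verifying, while the master key and the certifications made with the other subkey are untouched.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Constructed toy model of the scheme in the thread (not OpenPGP wire format):
// the master binds certification subkeys, a subkey on a less trusted host
// certifies third parties, and a compromise is handled by revoking that subkey.

const flagCertify byte = 0x01 // "may certify other keys" flag carried in the binding

type Subkey struct { // public half of a certification subkey plus its binding
	Pub     ed25519.PublicKey
	Flags   byte
	Binding []byte // master signature over bindingMsg(Pub, Flags)
}

type Certification struct { // a subkey's signature over a third-party key and user ID
	Target ed25519.PublicKey
	UID    string
	Signer ed25519.PublicKey // the certification subkey that made it
	Sig    []byte
}

type Keyring struct { // what a relying party holds about the certifier, keyed by subkey bytes
	Master      ed25519.PublicKey
	Subkeys     map[string]Subkey
	Revocations map[string][]byte
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // an entropy failure is not recoverable here
	}
	return pub, priv
}

// The "binding:"/"revoke:"/"cert:" prefixes keep the three signature types domain-separated.
func bindingMsg(pub ed25519.PublicKey, flags byte) []byte {
	return append(append([]byte("binding:"), pub...), flags)
}
func revocationMsg(pub ed25519.PublicKey) []byte { return append([]byte("revoke:"), pub...) }
func certMsg(target ed25519.PublicKey, uid string) []byte {
	return append(append([]byte("cert:"), target...), uid...)
}

// AddCertSubkey is step 1, run behind the diode with the master private key: it
// returns the bound public subkey and the private half moved to the other host.
func AddCertSubkey(masterPriv ed25519.PrivateKey) (Subkey, ed25519.PrivateKey) {
	pub, priv := mustKey()
	binding := ed25519.Sign(masterPriv, bindingMsg(pub, flagCertify))
	return Subkey{Pub: pub, Flags: flagCertify, Binding: binding}, priv
}

// Revoke is step 5: the master disowns one subkey and nothing else.
func Revoke(masterPriv ed25519.PrivateKey, sub ed25519.PublicKey) []byte {
	return ed25519.Sign(masterPriv, revocationMsg(sub))
}

// Certify is step 4, run on the less trusted host that holds only the subkey.
func Certify(subPriv ed25519.PrivateKey, target ed25519.PublicKey, uid string) Certification {
	sig := ed25519.Sign(subPriv, certMsg(target, uid))
	return Certification{target, uid, subPriv.Public().(ed25519.PublicKey), sig}
}

// Verify accepts a certification only if it chains to the master: a bound,
// certify-flagged, unrevoked subkey made it and the signature checks out.
func (k *Keyring) Verify(c Certification) bool {
	sub, ok := k.Subkeys[string(c.Signer)]
	if !ok || sub.Flags&flagCertify == 0 ||
		!ed25519.Verify(k.Master, bindingMsg(sub.Pub, sub.Flags), sub.Binding) {
		return false // unknown, not certification-capable, or binding not by master
	}
	if r, ok := k.Revocations[string(sub.Pub)]; ok &&
		ed25519.Verify(k.Master, revocationMsg(sub.Pub), r) {
		return false // the master has disowned this subkey
	}
	return ed25519.Verify(sub.Pub, certMsg(c.Target, c.UID), c.Sig)
}

// Scenario walks the five steps with two certification subkeys, then revokes the
// first as if compromised; it reports the verdicts before and after the revocation.
func Scenario() (before, revokedSubkeyCert, otherSubkeyCert bool) {
	masterPub, masterPriv := mustKey()
	sub1, sub1Priv := AddCertSubkey(masterPriv)
	sub2, sub2Priv := AddCertSubkey(masterPriv)
	alice, _ := mustKey() // constructed third-party keys to be certified
	bob, _ := mustKey()
	certAlice := Certify(sub1Priv, alice, "Alice <alice@example.org>")
	certBob := Certify(sub2Priv, bob, "Bob <bob@example.org>")
	ring := &Keyring{Master: masterPub, Subkeys: map[string]Subkey{string(sub1.Pub): sub1, string(sub2.Pub): sub2}}
	before = ring.Verify(certAlice) && ring.Verify(certBob)
	ring.Revocations = map[string][]byte{string(sub1.Pub): Revoke(masterPriv, sub1.Pub)} // sub1 compromised
	return before, ring.Verify(certAlice), ring.Verify(certBob)
}

func main() { fmt.Println(Scenario()) } // prints: true false true
```

In OpenPGP terms the binding corresponds to a subkey binding signature whose key flags include 0x01 and the revocation to a subkey revocation signature; whether a subkey may carry that flag and certify at all is exactly what the thread is asking to clarify, so this is a model of the proposal, not a description of what current implementations do. The master private key is used only in AddCertSubkey and Revoke, the two operations that Leo keeps behind the diode.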

_______________________________________________
openpgp mailing list
openpgp@ietf.org
https://www.ietf.org/mailman/listinfo/openpgp