[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenPGP Sub Keys (Was: key flag for authentication)

To: ietf-openpgp@xxxxxxx
Subject: Re: OpenPGP Sub Keys (Was: key flag for authentication)
From: "Imad R. Faiad" <matic@xxxxxxxxxxxxxx>
Date: Mon, 16 Jun 2003 14:20:42 +0200
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
References: <> <>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

On Mon, 16 Jun 2003 09:18:09 +0100, you wrote:

>Imad R. Faiad wrote:
>> I would like to propose that signing sub keys be disallowed 
>> in OpenPGP.
>
>This would stop people keeping their master signing key on a more secure
>offline machine, and using it to sign shorter-lifetime signing subkeys
>which can be used on a day-to-day basis to sign messages :(
>
If you are so paranoid, why don't you keep all your PGP keys
in a "more secure offline machine" and use PGP solely on it?
Should you have a need for shorter-lifetime signing keys,
just generate master keys explicitly for that purpose.
>> As I understand it, sub keys are only justified in the following
>> circumstances:-
>> 1) When the public key algorithm does not support encryption 
>> (e.g. DSA).
>> 2) In agreement with a school of thought, which recommends that
>>    it is good practice not to use the same key for signing and
>>    encryption.
>
>(2) is vital in countries where decryption but not signature keys can be
>seized by law enforcement agencies and others:
>http://www.acsac.org/2000/papers/47.pdf
>
If indeed you have such needs, there is nothing to preclude from generating
two distinct keys, one for signing and the other for encryption.
>> Any other arguments beyond the above, are just 
>> eccentricities, and will be better addressed by creating another key.
>
>Another "eccentricity" I am fond of is short-lifetime encryption subkeys
>that can be deleted once they have expired, reducing the impact of the
>above-mentioned key seizure powers. I currently (manually) generate such
>keys valid for one month; if I ever got round to automating this, I
>would go for a week or less...
>http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA127BBD5
>
I think there is a very serious flaw in the OpenPGP WOT when
it comes to v4 keys, sub keys literally have blown a hole in it,
and created a nice backdoor resulting in what I call a Web of Mistrust...

Whatever one feels about sub keys, I think that this WOT
issue ought to be addressed.

my 2c

Best Regards

Imad R. Faiad


-----BEGIN PGP SIGNATURE-----
Version: 8.0.2irf
Comment: KeyID: 0xBCC31718833F1BAD
Comment: Fingerprint: 75CD 96A7 8ABB F87E  9390 5FD7 2A88 4F45

iQEVAwUBPu2zebzDFxiDPxutAQIQngf9GB9yLk1k1MzwdFUWQe31MlTeVyO24pQh
VXzKv4OGOsswa2eKJzSnCfNVapHEjKIWKeqaAQVifEP6Ifk6yav6lzxT9PlwWNn7
abmUmfuWK9oybzl/eknCiZ6BjwNIlhLwawrVMlSpSWpDoAWstIMzehi4egi85w7f
Ytmi9VCqxG+KfLyf0rwWygSpO/N1N/HKevLlx3tpr6HTXeRh+5TIa2n3G9P9hAKr
ZL8Fs4g++YWqju3YA4f8/c7nfPGqSd69JsgvXkhfPJ/Hm8rG3rMCaRkuQxaDCIUk
ut4zypqmjK2PXnAah7HC8INX9Fq2mlR36ymB0Um6C13Qo3fX1hujNw==
=wTgt
-----END PGP SIGNATURE-----

Follow-Ups:
- RE: OpenPGP Sub Keys (Was: key flag for authentication)
  - From: Ian Brown

References:
- OpenPGP Sub Keys (Was: key flag for authentication)
  - From: Imad R. Faiad
- RE: OpenPGP Sub Keys (Was: key flag for authentication)
  - From: Ian Brown

Prev by Date: Re: OpenPGP Sub Keys
Next by Date: Re: OpenPGP Sub Keys (Was: key flag for authentication)
Previous by thread: Re: OpenPGP Sub Keys
Next by thread: RE: OpenPGP Sub Keys (Was: key flag for authentication)
Index(es):
- Date
- Thread