Subject: Re: wanted: educate us please on key dongles



On Fri, Aug 11, 2017 at 04:52:36PM -0300, Henrique de Moraes Holschuh
wrote:
> On Fri, 11 Aug 2017, Jonathan McDowell wrote:
> > I see no reason why the master key should ever be used for
> > signatures in such a scenario, so it seems sensible to indicate that
> > it is purely for certification.
>
> Well, it can be useful. A SC master key (Sign and Certify) can be
> used to sign messages explaining to someone else the need for a new
> subkey when you had to revoke every subkey, when just adding the
> subkey itself is not enough, or when adding subkeys is subject to a
> delay.
>
> Suppose you forget to renew/upload a new subkey in your Debian key
> set, and the current subkeys expire: it takes time for a new subkey
> upload to clear keyring maint. During that time, an SC master key can
> be used in an emergency to sign a vote or an upload.

I see this as a failure to manage the signing subkey correctly, and a
certification only master key as helping to prevent the temptation to
just make use of the master for signing (and potentially avoid jumping
through all of the hoops required to use it securely).

(That said, I'm very conscious that a lot of crypto comes down to a set
of tradeoffs and I'm all in favour of people who have strong informed
opinions about how to do things differently doing those things if they
want. But if you ask me for a base line set of advice to J. Random DD
I'd still go with the certification only master.)

J.

--
... And you can't help my life. But you can hide the knives.

...



Programming list archiving by: Enterprise Git Hosting