Re: Is it possible to certify (sign) a key using a subkey?

2017-08-18 Thread Leo Gaspard
On 08/18/2017 06:33 PM, Peter Lebbing wrote:
>> In my own and other people's keyrings and in key servers.
> 
> The impact of you doing this on your own seems vanishingly small. And
> the ratio of disk space used by a public keyring versus everything else
> that is commonly on a computer isn't different. If I were looking for
> optimizations, I'd turn to processing time of a public keyring, not its
> size.

Just for the record, it seems to me that there may be another reason
for separate subkeys for certification, namely the security of
the masterkey.

Having a C subkey would allow one to keep the masterkey entirely isolated
and to only use a diode to export C subkeys to a “keysigning machine”,
that would not compromise the masterkey by its compromise. Then, in case
of compromise of the keysigning machine, it'd be possible to revoke the
C subkey and create another one, then re-sign all the previously signed
keys with this new C subkey, all without losing the signatures on the
masterkey.

This is quite different from “airgapped computers” that use USB drives
to transit to-be-signed keys, as the USB stack in itself (or the
filesystem, or gnupg's certification operation) could be compromised;
the most obvious attack scenario being one based on badusb-like
compromising the key's firmware to make it act like a keyboard typing
the commands required to exfiltrate the masterkey.

Then, it's quite sad if C subkeys aren't widely supported, but I guess
that's another issue (and maybe it should be clearly spelled out in the
RFC whether they must be supported? especially with rfc4880bis in the
works, now could be a good time to choose)



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Is it possible to certify (sign) a key using a subkey?

2017-08-18 Thread Peter Lebbing
On 18/08/17 16:16, Mario Castelán Castro wrote:
> I really do not follow your argument (if any).

Since making certifications using subkeys is extremely uncommon, there's
a good chance people will encounter issues when checking such a
certification. Since the purpose of a public certification is for other
people, not you, to check it, you are not doing them a service.

> In my own and other people's keyrings and in key servers.

The impact of you doing this on your own seems vanishingly small. And
the ratio of disk space used by a public keyring versus everything else
that is commonly on a computer isn't different. If I were looking for
optimizations, I'd turn to processing time of a public keyring, not its
size.

> GNU PG should already have this feature.

I disagree. The de facto standard is that certifications are issued by
the primary, even if this might not be encoded in the RFC (I didn't
check, though). You could create an ECC primary if you really want to
issue certifications with ECC. Do note that there are many OpenPGP
clients that do not support ECC yet.

Cheers,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 





Re: Is it possible to certify (sign) a key using a subkey?

2017-08-18 Thread Mario Castelán Castro
On 2017-08-17 23:25 -0400 Daniel Kahn Gillmor wrote:
>I still don't think this is a good justification, fwiw.  If you think
>you'll be making these certifications for other people to consume,
>please do those other people a favor and just use your primary key.
>The OpenPGP world has a habit of trying to make things too fancy.  Keep
>it simple!

I really do not follow your argument (if any). Whether I sign with my
primary key or a subkey is a low level detail. There is no additional
difficulty encountered by the user who verifies a certificate made by a
subkey, assuming he is using a capable OpenPGP implementation.

This is a low level detail that is for the most part abstracted from the
user by the implementation (GNU PG); just as users need not know number
theory in order to use public key algorithms, they need not be concerned
with whether I use my primary key or a subkey for certifying.

>> Also, using a subkey for signing still has a size advantage. If you
>> have, say, 5 keys signed by my ECC subkey. there will be less size  
>
>Where are you trying to save these bytes?

In my own and other people's keyrings and in key servers.

>I don't know of a way to change usage flags on an existing subkey with
>GnuPG without modifying the source.
>
>You can add a new subkey with your chosen usage flags in --expert mode,
>though.  But i don't recommend it.

Like I said in a previous message, even using “gpg --expert
--edit-key” (GNU PG version 2.1.18 as shipped in Debian 9), I do not get
the option to toggle the certify capability when adding a new subkey, not
even if I choose the option “choose your own capabilities”.

Hmm... it looks like I will have to do some programming. This is not good.
GNU PG should already have this feature.

Regards.

