| 1 |
On 2/16/19 9:40 AM, Michał Górny wrote: |
| 2 |
> Therefore, I would like to propose creating two layers of Authority |
| 3 |
> Keys: L1 and L2. The L1 key would be protected strongly and used only |
| 4 |
> to sign L2 key. The L2 key would be used to sign actual keys. |
| 5 |
> |
| 6 |
> Users would only validate L1 key, and L2 would become valid implicitly. |
| 7 |
> If L2 ever becomes compromised, we'd revoke it and use L1 to sign a new |
| 8 |
> key. This way, GnuPG would appropriately stop trusting old L2 |
| 9 |
> and verify new L2 as valid. |
| 10 |
> |
| 11 |
> |
| 12 |
> Your comments? Anything I've missed? |
| 13 |
This is a good idea IMO |
| 14 |
(FWIW I think the Tor people hanlde in a similar manner the relay keys. The "L1" should be kept off-line dieally - or at least have a strong password - whilst L2 is signed by L1 valid for few weeks/months, depending on the choice of the user) |
| 15 |
|
| 16 |
-- |
| 17 |
Toralf |
| 18 |
PGP 23217DA7 9B888F45 |
Archives