On 2/16/19 9:40 AM, Michał Górny wrote:
> Therefore, I would like to propose creating two layers of Authority
> Keys: L1 and L2. The L1 key would be protected strongly and used only
> to sign L2 key. The L2 key would be used to sign actual keys.
>
> Users would only validate L1 key, and L2 would become valid implicitly.
> If L2 ever becomes compromised, we'd revoke it and use L1 to sign a new
> key. This way, GnuPG would appropriately stop trusting old L2
> and verify new L2 as valid.
>
>
> Your comments? Anything I've missed?
This is a good idea IMO
(FWIW I think the Tor people handle the relay keys in a similar manner. The "L1" should ideally be kept off-line - or at least have a strong password - whilst L2 is signed by L1 valid for a few weeks/months, depending on the choice of the user)

--
Toralf
PGP 23217DA7 9B888F45