On 05/12/2010 11:31 AM, Hauke Laging wrote: > do you think it would be useful to integrate some information about the > "usage > security" of a key into the key? <snip> > Of course, it is not a problem to generate several keys for different levels > of security. I would not want this key to be accepted for important > contracts. > For different level keys to be useful the users of public keys have to be > enabled to recognise this level (with cryptographic security). > > My idea is to define some levels which can be added e.g. as signature > notations to the key:
How about this? (I’ll reduce the security levels to two for my suggestion, but it should scale.): I generate two keys, one low-security (e.g., “Joel Salomon webmail”) and one high-security (“Joel Salomon smartcard”). I sign the low-security key with my high security key, but I don’t ask others to sign it; the only key I put into the web of trust is my high-security key. If the low-security key is compromised, can the attacker rename it (or otherwise fool people into thinking it’s my high-security key) without removing my (high-security) signature on the key? —Joel C. Salomon
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
