Re: [openpgp] Clarify status of subkeys with certification use

[Daniel Kahn Gillmor <dkg@fifthhorseman.net>]

On Fri 2018-05-25 12:26:54 +0200, Leo Gaspard wrote:
>
> Another use case supporting this opinion: certification subkeys are also
> a way to increase the security of an offline OpenPGP key, as with them
> it becomes possible to put the master key behind a diode while still
> being able to certify keys, and only ever move data out:

you might have made the master key "more secure", but you've done so by
transfering the capabilities of the master key (certification) out to
the less-controlled keys.  what's the win here?  secret keys are not in
themselves important objects -- what's important is the capabilities
that the network assigns to the corresponding public keys.

Also, when some certification in a chain has an expiration date on it,
is the whole chain of certifications bound by the narrowest
("bottleneck") expiration date, or is there some other governing
principle?

And when a leaf certifiation expires earlier than marked because some
middle element in the chain becomes unusable (remember, subkey
expiration dates can change; subkeys can be revoked), how would you
present this change to the user?

And further still: how many levels deep should such a certification
chain go?

I think it's pretty easy to argue "0 levels" (i.e. "no
certification-capable subkeys") for simplicity of implementation and
usability concerns.

I'd suggest that no implementation is willing to argue for "∞ levels"
because at some point the chain of verification becomes too expensive to
cope.

Are you arguing for some particular limited level of depth?  if so, how
do you justify that level?

           --dkg