
Re: hardware tokens and subkey rotation [was: Re: Get your free Yubikey sponsored by Infomaniak (available for free for any DD and DM)]



On 04/17/2018 12:33 AM, Daniel Kahn Gillmor wrote:
> On Mon 2018-04-16 22:23:57 +0200, Thomas Goirand wrote:
>> Easy: we just make the new subkeys on a new Yubikey, and keep 2 keys for
>> a short time (a month or 2, which is enough for the Debian keymaster to
>> update the keys). That's ok because we have lots of spare Yubikeys. I
>> guess it should be way more annoying if you don't.
> 
> hm, so are you encouraging people who get these hardware tokens to get
> two of them

This is what we do here because we have lots of Yubikeys available; I'm
not saying this fits everyone. Having expiration dates on subkeys is a
good idea for everyone, but maybe generating new subkeys when they
expire isn't (i.e. just changing the expiration date 1 month before they
expire is enough).

>> After that period, we can still use the old saved .gnupg that we store
>> on an encrypted USB key, together with the private part of the master
>> key. We've got to make sure we have access to the private part of the
>> master key to exchange key signatures anyway, even if the point of
>> having subkeys is to *not* store it on our laptops.
> 
> i see, so reading old encrypted messages involves exposing the master
> secret key as well?

Yes, though it should be an exception; the general use case is that it
should not happen: if you publish the new subkeys early enough, new
messages will use the new subkey.

> The most important security added by rotating your
> decryption-capable subkey comes in when you can actually *delete* the
> private part of the subkey.  When you can do that, then anyone who has
> captured encrypted messages to that subkey can no longer force the
> secret key out of you to decrypt the message.

Oh indeed!

Then probably we should just accept the fact that, when someone encrypts
a message with the old key, we can't read it, and we have to ask for a
new message to be sent. I don't think that's a big problem.

Cheers,

Thomas Goirand (zigo)
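As an added example, not from the thread or from either author: a shell rehearsal of the two approaches discussed above (pushing a subkey's expiry out, versus adding a fresh subkey and deleting the old private part) in a throwaway GnuPG keyring. It assumes GnuPG 2.2 or later with gpg-agent; the identity and curve choices are constructed for the rehearsal and nothing touches a real token.

```shell
#!/bin/sh
# Added example, not from the thread: rehearse both subkey-expiry strategies
# discussed above in a throwaway GnuPG keyring. Assumes GnuPG >= 2.2 with a
# constructed identity; keys are unprotected so the run is unattended.
set -eu
g() { gpg --batch --yes --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# Fingerprint of the primary key: first "fpr" record in the colon listing.
primary_fpr() { gpg --with-colons --list-keys | awk -F: '$1=="fpr"{print $10; exit}'; }
# Fingerprints of all subkeys, in creation order ("fpr" follows each "sub").
subkey_fprs() {
  gpg --with-colons --list-keys |
    awk -F: '$1=="sub"{want=1; next} want && $1=="fpr"{print $10; want=0}'
}
# Expiry (Unix time, 0 = never) of the key or subkey with fingerprint $1.
expiry_of() {
  gpg --with-colons --list-keys |
    awk -F: -v f="$1" '$1=="pub"||$1=="sub"{e=$7} $1=="fpr"&&$10==f{print e+0; exit}'
}
# Subkeys whose private part is still present (field 15 of "ssb" is "#" for a stub).
usable_secret_subkeys() {
  gpg --with-colons --list-secret-keys | awk -F: '$1=="ssb" && $15!="#"' | wc -l | tr -d ' '
}

rehearse() {
  GNUPGHOME=$(mktemp -d); export GNUPGHOME
  # Certify-only primary plus one encryption subkey, mirroring a token setup.
  g --quick-generate-key "Rehearsal <rehearsal@example.invalid>" ed25519 cert 1y
  pri=$(primary_fpr)
  g --quick-add-key "$pri" cv25519 encr 1y
  old=$(subkey_fprs | head -n 1)
  before=$(expiry_of "$old")

  # Strategy A: keep the subkey, just move its expiry a year further out.
  g --quick-set-expire "$pri" 2y "$old"
  extended=$([ "$(expiry_of "$old")" -gt "$before" ] && echo yes || echo no)

  # Strategy B: add a fresh subkey, then delete the old private part so that
  # captured ciphertext to it can no longer be forced open ("!" = this subkey only).
  g --quick-add-key "$pri" cv25519 encr 1y
  g --delete-secret-keys "${old}!"

  echo "extended:$extended subkeys:$(subkey_fprs | wc -l | tr -d ' ') secret:$(usable_secret_subkeys)"
  gpgconf --kill gpg-agent
  rm -rf "$GNUPGHOME"
}

rehearse
```

Each call to `rehearse` builds its own temporary GNUPGHOME and removes it afterwards, so the script never reads or writes the caller's real keyring.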