I was really in favour of the Alex Cabal method, obviously.
I ended up basing the presentation on his method, but advocating the use of short lived encryption and signing keys for travel. Also spelled out the advantages of cross-signing your temporary keys with your master key to extend your web of trust.
The basic steps are:
- Create master key with only a signing sub key.
- Use the master key for key signing, revolving sub keys, and creating new keys.
- Keep the master key offline in a safe.
- Using the master key, create a laptop key with encryption and signing sub keys. Short expiration date.
- Cross sign the laptop key with the master. Web of trust complete.
- Create other short term keys for travel that expire when travel is done.
Solves: Impersonation, loss of signatures, future confidentiality breach, reduction of reputation of keys signed by you
Helps solve: Past confidentiality breach to the extent you expire keys regularly
What it doesn't solve is apathy.
No comments:
Post a Comment