[Pki-clean-room-devel] a few thoughts
Neal H. Walfield
neal at walfield.org
Wed Dec 21 20:25:09 UTC 2016
Hi,
I think this is a great effort! One of the things that most improves
security is the use of a smartcard. It's great that you want to make
this easier!
I'd like to make a few suggestions based on my reading of the web page
and the mailing list archive. I apologize in advance if you have
already thought of these.
- I strongly encourage you to make key generation as easy as
possible. Preferably, you should use as many defaults as possible.
For instance, don't even offer the user the opportunity to set a
comment! Ideally, I think the user should just have to enter her
name and email address.
- Please consider using GPGME and not --status-fd. (Note: GPGME now
includes official bindings for Python.) Sure, --status-fd is a
stable interface, but you'll find that once you want to do
non-trivial things, it becomes more difficult. If there are some
things that you can't figure out how to do in GPGME, please ask us
and we'll either tell you how to do it, implement the feature, or
tell you why it is a bad idea.
- Please consider targeting the version of GnuPG that will be in the
  next version of Debian stable.
- It would be great if you could support this workflow out of the
box: a smartcard for the primary, and a smartcard for the subkeys.
Placing the primary key on a smartcard makes it easy to sign keys
from your main workstation without exposing the private key to the
offline computer.
- Consider supporting subkey rotation. This requires creating new
subkeys. Since most users will probably want their current and
last subkeys to be live at the same time, you need to support two
smartcards.
- When the user finishes a session, it might make sense to write a
script to the USB drive that automatically sends mails with the
signed keys, and imports the public keys for the user's own key.
- Can you please explain this: "develop a pinentry-whiptail UI for
obtaining passphrase." Why do you need to do this? Normally,
gpg-agent prompts for the passphrase.
Thanks! Keep up the good work!
:) Neal
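As an added example (not code from the original post or from the PKI Clean Room project), the block below shows the bookkeeping a caller of `gpg --status-fd` has to write by hand just to decide whether a signature should be accepted: delimit one signature from the next, pair `GOODSIG` with the full fingerprint from `VALIDSIG` rather than trusting the 64-bit key ID, and refuse `EXPKEYSIG`/`REVKEYSIG` even when the key is one you trust. The line formats follow GnuPG's doc/DETAILS; the sample status output, key IDs and fingerprints are constructed for the example. GPGME's verify result carries the same per-signature fingerprint, status and validity fields as a structure, which is the difference the post is pointing at.

```python
"""Minimal parser for GnuPG --status-fd output of a signature verification.

Added example, not project code. Status-line layouts follow GnuPG's
doc/DETAILS; SAMPLE below is constructed, not captured from a real run.
"""
from dataclasses import dataclass
from typing import List, Optional, Iterable

PREFIX = "[GNUPG:] "
# Keywords that open a per-signature verdict (one of them per signature).
SIG_STATUS = {"GOODSIG", "BADSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "ERRSIG"}


@dataclass
class Signature:
    status: str = "UNKNOWN"
    keyid: Optional[str] = None              # long key ID from the *SIG line
    fingerprint: Optional[str] = None        # signing (sub)key fpr from VALIDSIG
    primary_fingerprint: Optional[str] = None  # primary key fpr from VALIDSIG
    trust: Optional[str] = None              # TRUST_* keyword, if emitted
    user_id: Optional[str] = None


def parse_status(text: str) -> List[Signature]:
    """Split --status-fd output into one Signature record per signature."""
    sigs: List[Signature] = []
    cur: Optional[Signature] = None
    for raw in text.splitlines():
        if not raw.startswith(PREFIX):
            continue  # anything else on the fd is not a status line
        fields = raw[len(PREFIX):].split(" ")
        kw, args = fields[0], fields[1:]
        if kw == "NEWSIG":
            cur = Signature()
            sigs.append(cur)
        elif kw in SIG_STATUS:
            # Older GnuPG may omit NEWSIG: open a record lazily, and start a
            # fresh one if the current record already carries a verdict.
            if cur is None or cur.status != "UNKNOWN":
                cur = Signature()
                sigs.append(cur)
            cur.status = kw
            cur.keyid = args[0] if args else None
            if kw != "ERRSIG" and len(args) > 1:
                cur.user_id = " ".join(args[1:])
        elif kw == "VALIDSIG" and cur is not None:
            # VALIDSIG <fpr> <date> <ts> <expire> <ver> <reserved> <pkalgo>
            #          <hashalgo> <sigclass> [<primary-fpr>]
            cur.fingerprint = args[0]
            cur.primary_fingerprint = args[9] if len(args) > 9 else args[0]
        elif kw.startswith("TRUST_") and cur is not None:
            cur.trust = kw
    return sigs


def accepted_signatures(text: str, trusted_fprs: Iterable[str]) -> List[Signature]:
    """Return only GOODSIG signatures whose full fingerprint (signing key or
    its primary) is in trusted_fprs. Key IDs are never compared: they are
    too short to be collision-resistant. Expired/revoked-key verdicts are
    rejected even for trusted keys because their status is not GOODSIG."""
    trusted = {f.upper() for f in trusted_fprs}
    out = []
    for s in parse_status(text):
        if s.status != "GOODSIG" or s.fingerprint is None:
            continue
        if s.fingerprint.upper() in trusted or (s.primary_fingerprint or "").upper() in trusted:
            out.append(s)
    return out


# Constructed sample: one good signature from a trusted key, one bad
# signature, and one signature made with an expired key.
SAMPLE = """\
[GNUPG:] NEWSIG
[GNUPG:] KEY_CONSIDERED 0123456789ABCDEF0123456789ABCDEF01234567 0
[GNUPG:] SIG_ID abcdefghijklmnopqrstuvwxyz1 2016-12-21 1482351909
[GNUPG:] GOODSIG 0123456789ABCDEF Alice Example <alice@example.org>
[GNUPG:] VALIDSIG 89ABCDEF0123456789ABCDEF0123456789ABCDEF 2016-12-21 1482351909 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_ULTIMATE 0 pgp
[GNUPG:] NEWSIG
[GNUPG:] BADSIG FEDCBA9876543210 Mallory <mallory@example.org>
[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG 6D7E8F9012345678 Old Key <old@example.org>
[GNUPG:] VALIDSIG A1B2C3D4E5F60718293A4B5C6D7E8F9012345678 2016-12-21 1482351909 0 4 0 1 8 00 A1B2C3D4E5F60718293A4B5C6D7E8F9012345678
"""

if __name__ == "__main__":
    trusted = ["0123456789ABCDEF0123456789ABCDEF01234567",
               "A1B2C3D4E5F60718293A4B5C6D7E8F9012345678"]
    for s in parse_status(SAMPLE):
        print(s.status, s.keyid, s.fingerprint, s.user_id)
    print("accepted:", [s.keyid for s in accepted_signatures(SAMPLE, trusted)])
```

The parser only covers verification; signing, key generation and card operations each have their own status keywords and prompts to drive, which is where hand-rolled --status-fd handling grows quickly.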