<div dir="ltr">So I am almost at the stage where I can loose PPE (Privacy Protected Everything) onto the world. <div><br></div><div>I would like to do a sanity check on the design before starting to get actual users since once you do that...</div>
<div><br></div><div><br></div><div>The ideas are<div><br></div><div>1) Ease of use must be as good or better than no security at all except on the rare occasion where a user wants to confirm the level of security provided.</div>
<div><br></div><div>2) Format agnostic: I am building on S/MIME right now but the approach works with OpenPGP just the same.</div><div><br></div><div>3) Trust model agnostic: Must support direct, trusted third party and web of trust models. Plus mixtures of all three.</div>
<div><br></div><div>4) One size (usually) fits all, no 'high security' or 'advanced user' options unless there is a specific reason to believe that only advanced users need SHA512 or AES 256 or might lose their key. Requiring everyone to have split keys, a personal CA root etc. whether they think they need it or not saves a lot of problems</div>
<div><br></div><div>So naturally I need to give everyone a personal CA hierarchy as follows:</div></div><div><br></div><div>1) Lifelong master root key, The hash of the public portion of this key is the user's life long phingerprint. Cert has 100 year expiry, subject + issuer name is the phingerprint</div>
<div><br></div><div>2) Subroot, is signed by the master root, valid for at least ten years. Subject name is the hash of the subroot key</div><div><br></div><div><br></div><div>3) Static encryption key shared across all user's devices.</div>
<div><br></div><div>4) Device signature/authentication key that is unique to a particular device.</div><div><br></div><div><br></div><div>So if Alice lives 100 years she might have 2 phingerprint / master roots for her whole life (assuming she creates a new one at 18), maybe a dozen subroots. 1200 encryption keys and 400 or so device keys.</div>
<div><br></div><div>Only the master root key has to be escrowed outside the system and this can be done through a paper based mechanism as discussed earlier on the list and this is entirely under control of the person.</div>
<div><br></div><div>While (1) signs (2) using X.509 semantics for simplicity, the use of the sub-root (2) to sign keys of type 3 or 4 does not need to be through PKIX. This is where I want a JSON type format so that I can make statements such as:</div>
<div><br></div><div>'My encryption key for July-2015 if foo, it is preferred that all email is encrypted using S/MIME and AES-256. The key may also be used with the OpenPGP format.'</div><div><br></div><div><br></div>
<div>When people endorse each other's keys in this scheme they are going to be endorsing their lifelong phingerprint corresponding to a masterroot, not the subroot or use keys.</div><div><br></div><div>I see root keys and endorsements being entered into Certificate Transparency like logs.</div>
<div><br></div></div>