From: Robert G. <r.s...@fa...> - 2008-11-20 14:57:13
> As we all get more and more mobile I thought it might be nice to be
> able to encrypt/decrypt mails sent to and from these devices.

I think the best option here is actually to use a 'web service'. In this case, have you considered something like HushMail? Or, of course, the GPG support in other webmail apps such as SquirrelMail.

Regarding the security of your private key, this is already a problem with people who use multiple machines for email. Tokens (cards, USB keys etc.) are one option but they suffer from the same issue as storing your key on your iPhone.

My feeling is that we are already in an environment where we need to be able to use our private keys in multiple (insecure) locations and we therefore have to quantify the real security level of the passphrase we use for the key-pair and how we store it. I don't think it wise to rely on security through obscurity - hiding your private key on your home machine. It should be possible to have your private key at work, at home, on your laptop, your iPhone etc. safe in the knowledge that it is at least as hard to crack as an encrypted email.

Does anyone know whether the GPG developers are doing anything major to help in this problem?

By preference I'd quite like to see the ability to separate sub-keys out from a private primary key. At the moment it is common practice to generate expiring encryption subkeys but not really to do the same for signing subkeys. If we could have a master signing key and expiring signing/encrypting subkeys (signed by the master) then take ONLY the subkeys with you, you would not expose your primary signing key (which has the whole web of trust thing attached to it) but only a reasonably disposable subkey.

I suppose you can achieve something similar with a second primary key that you sign with your first primary key but this is very messy (esp. when you then expire the second primary key) and as the second key is a fully-fledged key in its own right the trust level against it would be harder to manage.

Robert

---
GnuPG public key: http://www.Far-Blue.co.uk
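The subkeys-only keyring described in the message above can be checked from the defender's side. The following is an added example, not part of the original post: it audits the output of `gpg --list-secret-keys --with-colons`, where GnuPG puts `#` in field 15 of a `sec`/`ssb` record whose secret material is absent. The function name and the sample listings are hypothetical and constructed, and expiry dates are assumed to be epoch seconds.

```python
# Field positions (0-based) in a `gpg --with-colons` record (GnuPG doc/DETAILS).
TYPE, KEYID, EXPIRES, CAPS, TOKEN = 0, 4, 6, 11, 14

# Constructed sample listings; key IDs and dates are made up.
GOOD_LISTING = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1227192000:::u:::scESC:::#:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1227192000:1258728000:::::s:::+:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1227192000:1258728000:::::e:::+:
"""
BAD_LISTING = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1227192000:::u:::scESC:::+:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1227192000::::::s:::+:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1227192000:1258728000:::::e:::+:
"""

def audit_portable_keyring(listing, now):
    """Return findings for a keyring that should carry expiring subkeys only."""
    findings = []
    usable_caps = set()
    for line in listing.splitlines():
        f = line.split(":")
        if f[TYPE] not in ("sec", "ssb") or len(f) <= TOKEN:
            continue
        has_secret = f[TOKEN] != "#"   # '#' marks a stub: no secret material here
        if f[TYPE] == "sec":
            if has_secret:
                findings.append(f"primary {f[KEYID]}: secret key material is present")
            continue
        if not has_secret:
            continue                   # a stubbed subkey cannot be used on this device
        if not f[EXPIRES]:
            findings.append(f"subkey {f[KEYID]}: no expiry set")
        elif int(f[EXPIRES]) <= now:
            findings.append(f"subkey {f[KEYID]}: expired")
            continue
        usable_caps.update(c for c in f[CAPS] if c in "se")
    for cap, name in (("s", "signing"), ("e", "encryption")):
        if cap not in usable_caps:
            findings.append(f"no usable {name} subkey")
    return findings

if __name__ == "__main__":
    for label, text in (("good", GOOD_LISTING), ("bad", BAD_LISTING)):
        print(label, audit_portable_keyring(text, now=1230000000))
```

An empty result means the device holds only unexpired signing and encryption subkeys and a stub for the primary key.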