hey

To give you a quick summary of how this all works:

I burn the secret key on a Yubikey with an offline device.

I upload my pub key to Governikus, which compares my
Name on my ID-card with my pub key Name. This is done
via a tunnel, which I must accept on my ID-card's card reader
display (and not my computer). Once done, Governikus signs
my pub key and sends the signed pub key to my email address
mentioned in my pub key's UID, along with their signing pub key.

If the NSA would physically take over Governikus with its own
personnel and the complete infrastructure, they would simply sign
in the name of Governikus my pub key, so that you also have the
guarantee that it is me. :-)

what you say has meaning and your joke can be taken many hilarious ways

but obviously there are many unaddressed parts, such as the German workers and the hardware suppliers and software developers and the people delivering the parts

and obviously there is no guarantee that anybody is anybody when a foreign agency seizes control of communications

but they are more likely to do this by installing something subtle than an overt physical takeover

and here they have only to do that with a single organization

and likely even have international deals to facilitate it.

If the NSA could also take physically over our German Bundesdruckerei,
with their personnel, which creates our ID-cards, Passports, Banknotes etc.
then they could issue for Joe Blow in the United States an ID-card, so that
he looks like a German national and then he could use Governikus as well.

But how likely is that?

=> you did not address the security of the fingerprint. <= which you describe as secured and shared only by ssl

I am quite happy to let people secure their keys with keysigners, and it sounds like Governikus has strong value as _a_ keysigner.

I guess stealing someone's (Wot signed) secret key is a *much much* easier task,
which only would take five minutes or so remotely, along with the passphrase, if
the person still uses an online device for encryption and a little bit more time
if the person uses an offline device.

whether or not they are online is orthogonal to whether or not they use wot and Governikus. wot works fine offline too, works fine with yubikey.

I was surprised when you started saying things as strange as the things I say. but it is much more pleasant to banter with you than the posters who say very mean things with every post.