On Thu, Jan 05, 2006 at 11:15:08PM -0800, Thomas Bushnell BSG wrote: > >> If the key is compromised, which is the only way the non-expiring key > >> method can be broken, then the expiring key doesn't seem to be > >> offering all that much additional security. > > Indeed it doesn't. Ideally, if the previous key has been compromised, users > > would be verifying the integrity of the new key using other signatures; but > > in the worst case, verifying using the signature from the previous key (if > > they're disconnected from the web of trust) is no worse than not being able > > to verify it at all. > I think I now understand better, and I can better express the > uncertainty I was groping at. A key is only as good as the keys that > sign it. The reason for rotating the key is that there is some > non-zero risk that it will be compromised, and this limits exposure. > But in order to validate the new key, which is only as good as its > signatures, I must rely on whatever signs the new key. > I trust AJ. So I trust AJ to sign the new key correctly. Surely, it > seems to me, the risk of AJ allowing his own key to be compromised is > just about the same as the risk of his allowing the archive key to be > compromised. What am I missing? The exposure of the archive key is higher, because it sits on an Internet-connected, ssh-accessible server. Also, you don't have to trust AJ's key; in contrast with Florian's assessment of the NM-suitability of the three ftpmasters, one ftp assistant, and one RM who have signed this key so far :), I would encourage you to log into merkel and verify, directly and securely, the key at /org/ftp.debian.org/web/ziyi_key_2006.asc; sign it; and upload your signature to the public keyservers as well, if you are satisfied that this is the key that is being used on ftp-master.debian.org to sign the archive. You should *only* do this if you're satisfied that the presence of this file in the mirror on merkel is adequate evidence that it's the same key in use on ftp-master. So trusting that the ssh host key of merkel is authentic, trusting that someone hasn't compromised both merkel and your network (pushing matching, invalid keys to you via merkel and a MITM of http://ftp-master.debian.org), and trusting that the propagation from ftp-master to merkel is secure. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. vorlon@debian.org http://www.debian.org/
Attachment:
signature.asc
Description: Digital signature