On 06/11/2009 02:45 AM, Aníbal Monsalve Salazar wrote:
> On Thu, Jun 11, 2009 at 06:56:53AM +0200, Christian Perrier wrote:
>> Would someone volunteer to do such job?
>
> I'll organize it.

Thank you, Aníbal!

> I was thinking about accepting only keys that don't suffer from the
> recently discovered weaknesses.
>
> What people think about that?

I think this is a good idea. As Christian notes, the recent results against SHA1 are still primarily a theoretical concern, and there is currently no "weaponized" attack. However, once such an attack exists, the responsible course of action will be to promptly deprecate all keys that rely on SHA1 (in self-signatures, etc). Making strong guidelines at that point will be too late for a smooth transition -- we should be advancing the WoT to post-SHA1 digests today while we can still consider the existing (old) SHA1 signatures a valid source of bootstrapping information.

We have a poor track record for deprecating signatures made over weak digests -- we still currently accept OpenPGP signatures made over MD5, for example, even though last December's attack against X.509 [0] exploited weaknesses in that digest in a real-world scenario. We shouldn't continue in this vein, and having a wider post-SHA1-based WoT would be a good first step.

Having a set of guidelines for the debian keysigning would encourage this preparation. At the very least, as keysigning organizer, you have an opportunity to explicitly mark deprecated keys as such, to raise awareness of the problem. The details of how to make the cut between "This key follows best practices" and "This key should be considered deprecated" probably need to be worked out, though.

--dkg

[0] http://www.win.tue.nl/hashclash/rogue-ca/