[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#732450: debian/watch: help uscan verify PGP signature automatically

On 12/23/2013 06:48 AM, Arno Töll wrote:
> thanks for that suggestion. I added your patch for the upcoming package
> upload. 

great, thank you!

> I did, however, add the full keyring of Apache developers that
> /could/ sign a release as listed in http://www.apache.org/dist/httpd/KEYS

While we're talking about cryptographic controls: please fetch these
sorts of files in the future using https instead of http, if you can.
it looks to me like all of apache's mirror there is available under https :)

There are keys in that keyring that are nearly 20 years old, including
several 1024-bit RSA and 1024-bit DSA keys (and even one 999-bit RSA key
and one 768-bit RSA key!)  Keys of this size have been clearly and
explicitly deprecated by NIST since the end of 2010 [0].  at least one
768-bit RSA key has actually been factored directly, 4 years ago [1].
Debian really should not be relying on weak keys.

Jim Jagielski's release signing key is fine -- a 4096-bit RSA key
created in 2010.  There are several other comparably strong keys in the
KEYS keyring that i'd be fine adding.

But if apache is issuing cryptographic signatures from any of the weak
keys in KEYS, we should encourage them to stop doing so.  Apache's
source code is a high-value target, and we should not leave the software
distribution mechanism open to fiddling based on weak keys for
cryptographic certifications.

(and before someone objects: yes, there are other ways that an adversary
might be able to inject bad code into apache; that doesn't mean that we
should leave open the holes that we know how to close)

I recommend filtering KEYS by removing every key whose primary key (or
any signing-capable subkey) is less than 3072 bits (assuming RSA or DSA
keys here) before storing it in debian/upstream-signing-key,pgp.



[0] pp. 63-66 of

[1] https://en.wikipedia.org/wiki/RSA_numbers#RSA-768

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: