Re: Having more than one key in the Debian keyring

To: debian-devel@lists.debian.org
Subject: Re: Having more than one key in the Debian keyring
From: Theodore Ts'o <tytso@mit.edu>
Date: Fri, 15 Aug 2003 10:33:54 -0400
Message-id: <[🔎] 20030815143354.GB25825@thunker.thunk.org>
In-reply-to: <[🔎] 20030812171107.GA5635@quetzlcoatl.dodds.net>
References: <[🔎] E19l4Ne-0007dr-5F@torres.ka0.zugschlus.de> <[🔎] 20030808191158.GD30640@imladris.debian.net> <[🔎] E19lEBE-0000T9-H6@torres.ka0.zugschlus.de> <[🔎] 20030811130111.GA1104@quetzlcoatl.dodds.net> <[🔎] E19mFpN-0007BB-MM@torres.ka0.zugschlus.de> <[🔎] 20030812171107.GA5635@quetzlcoatl.dodds.net>

On Tue, Aug 12, 2003 at 12:11:10PM -0500, Steve Langasek wrote:

> 
> The point was that, if you're asking to replace a key in the keyring
> beacuse of problems with the way you managed it previously, it would be
> a good idea to present an explanation to the keymaster.  The keymaster's
> job is not to facilitate arbitrary key changes; it's to protect the
> keyring from being compromised, while ensuring that trusted keys can be
> used to upload packages into the archive.  This suggests that *not*
> accepting key replacements without a pretty strong reason is a sensible
> policy to follow, and that you're more likely to have things go your way
> if you give the keymaster a reason to believe your request is worth
> paying attention to.  In contrast, "finding my brand new GPG key policy
> on the WWW is left as an exercise to the reader" doesn't seem to me like
> an effective use of the keymaster's time.

Actually, good key management policy states that every so often, you
*should* throw away your key and generate a new one from scratch.
Even if you're perfect (tm), something may have happened that you
didn't expect.... a very clever adversary could have carried out a
black-bag job on your computer, having installed a keyboard tap to
grab passwords and then trojan horsed your GPG binary, etc.

The claim that you should never have to replace a key on the keyring
if you've been a good little doobie is so silly has to be completely
laughable.

						- Ted

Reply to:

Follow-Ups:
- Re: Having more than one key in the Debian keyring
  - From: Andrew Suffield <asuffield@debian.org>

References:
- Having more than one key in the Debian keyring
  - From: Marc Haber <mh+debian-devel@zugschlus.de>
- Re: Having more than one key in the Debian keyring
  - From: Kyle McMartin <kyle@gondolin.debian.net>
- Re: Having more than one key in the Debian keyring
  - From: Marc Haber <mh+debian-devel@zugschlus.de>
- Re: Having more than one key in the Debian keyring
  - From: Steve Langasek <vorlon@netexpress.net>
- Re: Having more than one key in the Debian keyring
  - From: Marc Haber <mh+debian-devel@zugschlus.de>
- Re: Having more than one key in the Debian keyring
  - From: Steve Langasek <vorlon@netexpress.net>

Prev by Date: Re: Accepted coreutils 5.0.90-1 (i386 source all)
Next by Date: Re: Ideas about allowing Co-maintainer
Previous by thread: Re: Having more than one key in the Debian keyring
Next by thread: Re: Having more than one key in the Debian keyring
Index(es):
- Date
- Thread