There has been much recent discussion/activity regarding the announcement of reduced complexity collision attacks against SHA-1. In particular it has caused a spate of new GPG key announcements from various DDs, and caused worry amongst others that action needs to be taken. My attitude to this is that yes, people should be considering replacing their existing GPG keys with something stronger using SHA256 or better for signatures (and a keysize of greater than 1024 bits). However this should not be done at the expense of our Web of Trust; I don't believe the situation warrants an instant key rollover. A more sensible approach is new key generation now followed by spending the next 6 months or so getting a decent number of cross signatures for that key before asking for replacement. So, some guidelines about key replacement to help ensure that newly generated keys are integrated into the WoT and the removal of old keys doesn't cause undue damage: * The new key should be signed by at least 2 existing DD keys. More is good. * Replacement of the old key with the new one should not cause any other key to no longer be in Debian's Web of Trust nor strongly connected subset. * Replacement of the old key with the new one should not cause a significant weakening of Debian's Web of Trust. I don't have exact figures for this at present, but it'll be based on the Betweenness Centrality and mean-minimum-distance calculations most probably. * Including a published transition document signed by both keys or a revocation certificate for the old key will be looked upon favourably. * The new key should be signed by the old one. Note these are guidelines, not hard and fast rules. The usual due care and attention should be paid to issuing signatures and cases where developers are unable to maintain as well connected a key easily will be listened to. Requests for replacement should be done via the normal procedure; a *clear signed* (RT mangles PGP/MIME) request to email@example.com with "Debian RT" in the subject, along with something descriptive. Also I recently sent out mail to all those DDs who currently have both PGPv3 and PGPv4 keys in our keyrings asking if the PGPv3 key could be removed without causing disruption. So far I've had replies to fewer than half of these mails. If you have received one and not yet replied please do so; there are various weaknesses in v3 keys that mean that we should be ceasing our use of them. Equally if you only have a v3 key at present please look at generating a suitably strong v4 key and getting it well integrated into the Web of Trust. I am more concerned with ridding us of PGPv3 keys than SHA-1. Finally thanks to the alioth admins the bzr tree used for maintaining the keyring is now publicly accessible via: bzr branch http://bzr.debian.org/keyring/debian-keyring/ or via the loggerhead web interface at: http://bzr.debian.org/loggerhead/keyring/debian-keyring/changes Note that this tree is only a copy of the master tree and will only be updated at the points when the master tree is promoted to the live keyring - so activity will appear bursty but that doesn't mean it's stalled. Useful links: HOWTO prep for migration off SHA-1 in OpenPGP: http://www.debian-administration.org/users/dkg/weblog/48 Betweenness Centrality in the Web of Trust: http://pestilenz.org/cgi-bin/blosxom.cgi/2004/12/09#wot A look at the Debian Web of Trust over time: http://www.earth.li/~noodles/blog/2009/05/breaking-the-web-of-trust.html J. -- Most people are descended from apes. Redheads are descended from cats.
Description: Digital signature