[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apt in experimental (Re: APT 0.6 migration -- second status report)

On Wed, May 04, 2005 at 06:26:30PM -0400, sean finney wrote:

> istr discussing (or at least thinking to myself) a method of "rolling"
> keys, where one key was used to sign another key, which would then
> ideally be kept somewhere Safe for the case of unexpected expiration.
> this second key could then be used to sign a third key, and so-forth.
> i guess this wouldn't handle  upgrades of apt that skipped a "key epoch",
> but that could probably be worked around by keeping the old keys around
> somewhere so that they could be used to somehow establish a chain of
> trust to the newest key.
> in the case of a compromise you'd still need an extra verification;
> because you'd have to assume that the compromised key could have been
> used by the mean people to sign phony keys.  that could pretty easily
> be accomplished by attaching another d-d's signature to it when it
> was generated, right?  if the key was really kept somewhere Safe, there
> would be no risk of the first key's compromise affecting it.

If you have some code which implements this, I will take a look, but this
sort of thing is very awkward to do with gpg, and I don't think that there
is much justification for this level of complexity.  The existing scheme is
simple, and works.

 - mdz

Reply to: