Re: apt in experimental (Re: APT 0.6 migration -- second status report)

To: debian-devel@lists.debian.org
Subject: Re: apt in experimental (Re: APT 0.6 migration -- second status report)
From: Matt Zimmerman <mdz@debian.org>
Date: Wed, 4 May 2005 15:33:37 -0700
Message-id: <[🔎] 20050504223337.GE29865@alcor.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20050504222630.GB24842@seanius.net>
References: <873bvs6swo.fsf@deneb.enyo.de> <[🔎] 87acnb16lw.fsf@deneb.enyo.de> <[🔎] 20050504154118.GA5874@rollcage.inittab.de> <[🔎] 20050504190526.GU29865@alcor.net> <[🔎] 874qdipxp9.fsf@informatik.uni-tuebingen.de> <[🔎] 20050504204430.GY29865@alcor.net> <[🔎] 87y8auoe1y.fsf@informatik.uni-tuebingen.de> <[🔎] 20050504220842.GB29865@alcor.net> <[🔎] 20050504222630.GB24842@seanius.net>

On Wed, May 04, 2005 at 06:26:30PM -0400, sean finney wrote:

> istr discussing (or at least thinking to myself) a method of "rolling"
> keys, where one key was used to sign another key, which would then
> ideally be kept somewhere Safe for the case of unexpected expiration.
> this second key could then be used to sign a third key, and so-forth.
> i guess this wouldn't handle  upgrades of apt that skipped a "key epoch",
> but that could probably be worked around by keeping the old keys around
> somewhere so that they could be used to somehow establish a chain of
> trust to the newest key.
> 
> in the case of a compromise you'd still need an extra verification;
> because you'd have to assume that the compromised key could have been
> used by the mean people to sign phony keys.  that could pretty easily
> be accomplished by attaching another d-d's signature to it when it
> was generated, right?  if the key was really kept somewhere Safe, there
> would be no risk of the first key's compromise affecting it.

If you have some code which implements this, I will take a look, but this
sort of thing is very awkward to do with gpg, and I don't think that there
is much justification for this level of complexity.  The existing scheme is
simple, and works.

-- 
 - mdz

Reply to:

Follow-Ups:
- Re: apt in experimental (Re: APT 0.6 migration -- second status report)
  - From: sean finney <seanius@debian.org>

References:
- APT 0.6 migration -- second status report
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: APT 0.6 migration -- second status report
  - From: Norbert Tretkowski <tretkowski@inittab.de>
- apt in experimental (Re: APT 0.6 migration -- second status report)
  - From: Matt Zimmerman <mdz@debian.org>
- Re: apt in experimental (Re: APT 0.6 migration -- second status report)
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: apt in experimental (Re: APT 0.6 migration -- second status report)
  - From: Matt Zimmerman <mdz@debian.org>
- Re: apt in experimental (Re: APT 0.6 migration -- second status report)
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: apt in experimental (Re: APT 0.6 migration -- second status report)
  - From: Matt Zimmerman <mdz@debian.org>
- Re: apt in experimental (Re: APT 0.6 migration -- second status report)
  - From: sean finney <seanius@debian.org>

Prev by Date: Re: apt in experimental (Re: APT 0.6 migration -- second status report)
Next by Date: Re: apt in experimental (Re: APT 0.6 migration -- second status report)
Previous by thread: Re: apt in experimental (Re: APT 0.6 migration -- second status report)
Next by thread: Re: apt in experimental (Re: APT 0.6 migration -- second status report)
Index(es):
- Date
- Thread