[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: APT public key updates?

On Thu, Jan 05, 2006 at 07:38:37PM -0800, Steve Langasek wrote:
> In the third case, again the compromise is either detected, or it isn't.  If
> it's detected, we're revoking the key again; if it's *not* detected (and it
> seems to me that anyone able to compromise the pgp key without also having
> to compromise ftp-master is likely good enough to go undetected), then this
> is a case where scheduled key rotations help us.

There's also a secondary case where they help. Any PGP key can be
cracked with sufficient outlay of computing power. Scheduled key
rotations mean that this has a minimum *cost* requirement associated;
it prevents mere time from being sufficient. If you work out the
numbers carefully then you can effectively stop this attack for
everybody who isn't rich enough to just hire away all the critical
people and take control that way.

Of course, the other requirement for this to work is that the new key
not be generated until shortly before the old one is ready to expire.

However, we don't have to do this annually; with a 2048-bit key,
replacing every five years and generating the new key one year before
the old one expires should be safe at present. That's a conservative
estimate. To defend against ancillary attacks (like somebody grabbing
a copy of the key from ftp-master) you need to know how probable they
are, and reduce these figures accordingly.

  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |

Attachment: signature.asc
Description: Digital signature

Reply to: