
Re: APT public key updates?

Anthony Towns <aj@azure.humbug.org.au> writes:

> No, a key is only as good as (a) how hard it is to break; and (b) how
> easy it is to trust. Key rotation helps make it harder to break (since
> the 2004 key won't do you much good now); and also forces us to consider
> how to make new keys easy to trust, which we otherwise might neglect.

Looking at the parenthesis: the 2004 key would have been quite
valuable a week ago.  It could have been used to sign a fake 2005 key.
Oh wait: *it still can be*.  And once the 2004 key expires, that
should mean that now I have no reason to trust the 2005 key.  (Except
for the fact that it's signed by AJT.  But then, why not just use that
as the archive key directly?)

> So you need something more than just "I trust AJ". No one's worked out
> exactly what that should be yet.

Yeah.  I don't mean that rotation is bad, just that it seems at best
only one small part of the puzzle, and it's not clear to me what the
other parts should look like.  Still, we can only put the puzzle
together one piece at a time.
