Re: APT public key updates?

To: debian-devel@lists.debian.org
Subject: Re: APT public key updates?
From: Thomas Bushnell BSG <tb@becket.net>
Date: Fri, 06 Jan 2006 00:12:50 -0800
Message-id: <[🔎] 87r77lepvh.fsf@becket.becket.net>
In-reply-to: <[🔎] 20060106075718.GB5805@localhost.localdomain> (Anthony Towns's message of "Fri, 6 Jan 2006 17:57:18 +1000")
References: <[🔎] 2fl64oz1tpi.fsf@saruman.uio.no> <[🔎] 1136416078.4526.1.camel@localhost> <[🔎] 20060105200205.GB20228@kitenet.net> <[🔎] 20060105221306.GA8597@top.ping.de> <[🔎] 2flr77mp5lx.fsf@saruman.uio.no> <[🔎] 20060106003106.GD24652@tennyson.dodds.net> <[🔎] 877j9ep4ny.fsf@becket.becket.net> <[🔎] 20060106033836.GG24652@tennyson.dodds.net> <[🔎] 874q4hesjn.fsf@becket.becket.net> <[🔎] 20060106075718.GB5805@localhost.localdomain>

Anthony Towns <aj@azure.humbug.org.au> writes:

> No, a key is only as good as (a) how hard it is to break; and (b) how
> easy it is to trust. Key rotation helps make it harder to break (since
> the 2004 key won't do you much good now); and also forces us to consider
> how to make new keys easy to trust, which we otherwise might neglect.

Looking at the parenthesis: the 2004 key would have been quite
valuable a week ago.  It could have been used to sign a fake 2005 key.
Oh wait: *it still can be*.  And once the 2004 key expires, that
should mean that now I have no reason to trust the 2005 key.  (Except
for the fact that it's signed by AJT.  But then, why not just use that
as the archive key directly?)

> So you need something more than just "I trust AJ". No one's worked out
> exactly what that should be yet.

Yeah.  I don't mean that rotation is bad, just that it seems at best
only one small part of the puzzle, and it's not clear to me what the
other parts should look like.  Still, we can only put the puzzle
together one piece at a time.

Reply to:

Follow-Ups:
- Re: APT public key updates?
  - From: Anthony Towns <aj@azure.humbug.org.au>

References:
- APT public key updates?
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: APT public key updates?
  - From: Daniel Leidert <daniel.leidert.spam@gmx.net>
- Re: APT public key updates?
  - From: Joey Hess <joeyh@debian.org>
- Re: APT public key updates?
  - From: Michael Vogt <mvo@debian.org>
- Re: APT public key updates?
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: APT public key updates?
  - From: Steve Langasek <vorlon@debian.org>
- Re: APT public key updates?
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: APT public key updates?
  - From: Steve Langasek <vorlon@debian.org>
- Re: APT public key updates?
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: APT public key updates?
  - From: Anthony Towns <aj@azure.humbug.org.au>

Prev by Date: Re: APT public key updates?
Next by Date: init scripts and the "reload" target
Previous by thread: Re: APT public key updates?
Next by thread: Re: APT public key updates?
Index(es):
- Date
- Thread