Re: APT public key updates?

To: debian-devel@lists.debian.org
Subject: Re: APT public key updates?
From: Thomas Bushnell BSG <tb@becket.net>
Date: Fri, 06 Jan 2006 11:35:46 -0800
Message-id: <[🔎] 8764oxcfot.fsf@becket.becket.net>
In-reply-to: <[🔎] 20060106083352.GA6056@localhost.localdomain> (Anthony Towns's message of "Fri, 6 Jan 2006 18:33:52 +1000")
References: <[🔎] 1136416078.4526.1.camel@localhost> <[🔎] 20060105200205.GB20228@kitenet.net> <[🔎] 20060105221306.GA8597@top.ping.de> <[🔎] 2flr77mp5lx.fsf@saruman.uio.no> <[🔎] 20060106003106.GD24652@tennyson.dodds.net> <[🔎] 877j9ep4ny.fsf@becket.becket.net> <[🔎] 20060106033836.GG24652@tennyson.dodds.net> <[🔎] 874q4hesjn.fsf@becket.becket.net> <[🔎] 20060106075718.GB5805@localhost.localdomain> <[🔎] 87r77lepvh.fsf@becket.becket.net> <[🔎] 20060106083352.GA6056@localhost.localdomain>

Anthony Towns <aj@azure.humbug.org.au> writes:

> On Fri, Jan 06, 2006 at 12:12:50AM -0800, Thomas Bushnell BSG wrote:
>> Anthony Towns <aj@azure.humbug.org.au> writes:
>> > No, a key is only as good as (a) how hard it is to break; and (b) how
>> > easy it is to trust. Key rotation helps make it harder to break (since
>> > the 2004 key won't do you much good now); and also forces us to consider
>> > how to make new keys easy to trust, which we otherwise might neglect.
>> Looking at the parenthesis: the 2004 key would have been quite
>> valuable a week ago.  It could have been used to sign a fake 2005 key.
>> Oh wait: *it still can be*.  
>
> It shouldn't be, since the 2004 key expired almost a year ago. Maybe we
> should be revoking expired keys as well.

Sorry, I meant 2005.  I forgot the new year; now I see the point you
were making, and that makes sense to me.

Thomas

Reply to:

References:
- Re: APT public key updates?
  - From: Daniel Leidert <daniel.leidert.spam@gmx.net>
- Re: APT public key updates?
  - From: Joey Hess <joeyh@debian.org>
- Re: APT public key updates?
  - From: Michael Vogt <mvo@debian.org>
- Re: APT public key updates?
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: APT public key updates?
  - From: Steve Langasek <vorlon@debian.org>
- Re: APT public key updates?
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: APT public key updates?
  - From: Steve Langasek <vorlon@debian.org>
- Re: APT public key updates?
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: APT public key updates?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: APT public key updates?
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: APT public key updates?
  - From: Anthony Towns <aj@azure.humbug.org.au>

Prev by Date: Re: net-tools maintenance status
Next by Date: Re: APT public key updates?
Previous by thread: Re: APT public key updates?
Next by thread: Re: APT public key updates?
Index(es):
- Date
- Thread