Re: bits from the release team

To: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
Cc: debian-devel@lists.debian.org
Subject: Re: bits from the release team
From: Florian Weimer <fw@deneb.enyo.de>
Date: Fri, 26 May 2006 19:57:01 +0200
Message-id: <[🔎] 87slmwbrf6.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 87psimfdd0.fsf@informatik.uni-tuebingen.de> (Goswin von Brederlow's message of "Wed, 10 May 2006 11:17:15 +0200")
References: <20060502203633.GR9262@mails.so.argh.org> <[🔎] 878xphphi2.fsf@informatik.uni-tuebingen.de> <[🔎] 20060505000745.GA32637@kitenet.net> <[🔎] 87wtd1nsrh.fsf@informatik.uni-tuebingen.de> <[🔎] 20060505020534.GA1144@kitenet.net> <[🔎] 87d5ernrr0.fsf@informatik.uni-tuebingen.de> <[🔎] 87y7xewayi.fsf@mid.deneb.enyo.de> <[🔎] 87psimfdd0.fsf@informatik.uni-tuebingen.de>

* Goswin von Brederlow:

> Florian Weimer <fw@deneb.enyo.de> writes:
>
>> * Goswin von Brederlow:
>>
>>> Doesn't work if the key is ever compromised and a new one has to be
>>> created out of schedule. Or when you spend your x-mas holidays away
>>> from your system and couldn't upgrade before new years eve.
>>
>> Exactly, and this begs the question why we rotate keys at all.
>
> A key might be compromised without our knowledge.

Wouldn't it make more sense to rotate it monthly, then?  Why only
replace it once a year?  Why not once every three years?  Or once per
release cycle?

> But that is not relevant to the problem. Experience shows that keys do
> get compromised and need changing. So rotation or no rotation the key
> change has to be handled anyway. Rotation just adds it at specific
> intervals on top of random events.

Could you point me to a deployment which relies on key rotation to
deal with key compromises? 8-)

Our users would surely thank us if we just put that damn key onto an
HSM[1] (so that a host compromise would allow an attacker to generate
a limited signatures only, while he or she has got access to the host).

[1] Even one of those OpenPGP smartcard would be good enough because
    we only need to make a few signatures once or twice a day.

Reply to:

Follow-Ups:
- Key rotation deployments (Was: bits from the release team)
  - From: Ondrej Sury <ondrej@sury.org>

References:
- Re: bits from the release team
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: bits from the release team
  - From: Joey Hess <joeyh@debian.org>
- Re: bits from the release team
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: bits from the release team
  - From: Joey Hess <joeyh@debian.org>
- Re: bits from the release team
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: bits from the release team
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: bits from the release team
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>

Prev by Date: Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Next by Date: Re: use of "invoke-rc.d $PACKAGE stop || exit $?" in prerm scripts
Previous by thread: Re: bits from the release team
Next by thread: Key rotation deployments (Was: bits from the release team)
Index(es):
- Date
- Thread