Re: system-wide crypto policies

To: debian-devel@lists.debian.org
Subject: Re: system-wide crypto policies
From: "Thijs Kinkhorst" <thijs@debian.org>
Date: Fri, 28 Jun 2013 09:34:25 +0200
Message-id: <[🔎] 97b001594faa6654df2bfe01109ef981.squirrel@aphrodite.kinkhorst.nl>
In-reply-to: <[🔎] 51CC9DB9.8060101@pocock.com.au>
References: <[🔎] 51CC3709.7000105@pocock.com.au> <[🔎] 87bo6rnxt8.fsf@mid.deneb.enyo.de> <[🔎] 51CC9DB9.8060101@pocock.com.au>

On Thu, June 27, 2013 22:16, Daniel Pocock wrote:
> On 27/06/13 21:44, Florian Weimer wrote:
>> * Daniel Pocock:
>>
>>> However, are such issues at the discretion of package maintainers and
>>> upstream, or is it useful to have a uniform Debian approach to
>>> cryptographic strength?
>>
>> Keep in mind that RFC 4880 (OpenPGP) hard-codes SHA-1 in several
>> places, notably for key fingerprints.  If there's a uniform strength
>> requirement, we need some weasel words that GnuPG remains compliant.
>>
>> It's also unclear if SHA-256 or SHA-512 is stronger, and if either
>> really is that much better than SHA-1.
>
> Just to clarify, although my query was related to the use of this hash
> in GnuPG, the reason for the email on debian-devel is for the
> system-wide policy on hashes: which could mean any package (e.g. git
> uses SHA-1 too, some of the X.509 root certs use an SHA-1 hash)
>
> The first question then - do we even need to care, as a project, about
> being pro-active?  Or just leave it at the discretion of derivatives and
> end-users to make their own policies?  That's quite OK as long as this
> approach is documented.  The security page[1] says "Debian takes
> security very seriously" and some users may ask how we apply that
> philosophy to SHA-1 given that it is on various alerts[2].
>
> It may be that we say "Some packages include SHA-1 technology and if the
> attack potential crosses some threshold X the security team will not
> support them."  Then it is up to maintainers and upstreams to think
> about and start making plans for the future of their packages.

I think such decisions are indeed best left to individual package
maintainers as there's in my opinion no one sound advice that works for
all cases. While moving away from SHA-1 right now might make sense in some
cases, in others it's still problematic. You name X.509: CA roots are by
and large not moving away from SHA-1; you name GnuPG: SHA-1 is indeed in
the standard and signing stuff with non-SHA-1 hashes still leads to
compatibility issues which make that there's a good case for keeping the
current default.

Although deprecation is good, there's also still doubt on where to migrate
to. Per-package decisions are hence a much more suited approach than
archive-wide policies.

Cheers,
Thijs

Reply to:

Follow-Ups:
- Re: system-wide crypto policies
  - From: Daniel Pocock <daniel@pocock.com.au>

References:
- system-wide crypto policies
  - From: Daniel Pocock <daniel@pocock.com.au>
- Re: system-wide crypto policies
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: system-wide crypto policies
  - From: Daniel Pocock <daniel@pocock.com.au>

Prev by Date: Re: Bug#714342: ITP: pytz -- World timezone definitions, modern and historical
Next by Date: Anonymous svn does not work any more
Previous by thread: Re: system-wide crypto policies
Next by thread: Re: system-wide crypto policies
Index(es):
- Date
- Thread