
Re: DAM Key and identity requirements



On Thu, 24 Sep 2020, 10:51 am Bastian Blank, <waldi@debian.org> wrote:
> Hi Enrico
>
> On Sun, Sep 13, 2020 at 09:11:04AM +0200, Enrico Zini (DAM) wrote:
> >  * Minimum key size and acceptable algorithms are actually the domain of
> >    keyring-maint, and we just check those for them.
> >    At the time of writing this, a new key must be larger than 1024bits,
> >    ideally at least 4096bits, and capable of hashes stronger than SHA1.
> >    Please check [KDO] for more recent information.
>
> Hmm, this page does not really read like some sort of policy.
>
> It talks about key size in bits, which only applies to RSA.  What about
> X25519?

You should bring that to the keyring-maints.  However I can tell you that EC keys are pretty much always considered good.

> >  * An encryption subkey must be present, since various parts of our
> >    infrastructure require it.
>
> Which parts?  While encryption subkeys are useful, I can't see anything
> _requiring_ this.

Besides NM sending encrypted tokens, also DSA: the db.d.o password is sent encrypted during account creation, and ISTR also other things.

> >  * A signature subkey must be there, since various parts of our
> >    infrastructure require it. Also, it is needed to build up trust (see
> >    below).
>
> Signing subkeys are pretty rare.  What is their use-case?

I believe the *sub*key bit was wrong, it most likely was talking about signing capabilities (like above for encryption, it's all about capabilities, not subkeys).

> Also trust is built using certification, not signing (the C bit, not the
> S bit).  I don't think subkeys can hold a certification setting.

You clearly haven't read the rest of the mail that is talking about how certifications are no longer considered mandatory for the formation of trust.
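
As an added example (not part of the original message and not Debian tooling), this Python script reads `gpg --list-keys --with-colons` output and checks the points debated above: key size for non-EC algorithms, and signing and encryption capability on any usable primary key or subkey. The 1024-bit floor comes from the quoted text and the EC exemption from the reply; both are assumptions here, not current keyring-maint policy, and the sample listings and key ids are constructed.

```python
"""Added example: audit `gpg --list-keys --with-colons` output for the key
requirements discussed in this thread (thresholds are assumptions)."""

EC_ALGOS = {"18", "19", "22"}  # OpenPGP algorithm ids: ECDH, ECDSA, EdDSA
UNUSABLE = {"r", "e", "i"}     # validity field: revoked, expired, invalid
MIN_BITS = 1024                # quoted text: "must be larger than 1024bits"

# Constructed listings; the key ids are placeholders, not real keys.
SAMPLE_RSA = (
    "pub:-:4096:1:AAAAAAAAAAAAAAAA:1577836800:::-:::scESC:\n"
    "uid:-::::1577836800::0000::Example Person <person@example.org>:\n"
    "sub:-:4096:1:BBBBBBBBBBBBBBBB:1577836800::::::e:\n"
)
SAMPLE_ED25519_SIGN_ONLY = "pub:-:255:22:CCCCCCCCCCCCCCCC:1577836800:::-:::scSC:\n"
SAMPLE_OLD_DSA = (
    "pub:-:1024:17:DDDDDDDDDDDDDDDD:1104537600:::-:::scESC:\n"
    "sub:-:1024:16:EEEEEEEEEEEEEEEE:1104537600::::::e:\n"
)


def check_key(listing):
    """Return a list of findings for one key; an empty list means it passed."""
    findings, caps = [], set()
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        if f[1] in UNUSABLE:
            if f[0] == "pub":
                findings.append("primary-unusable")
            continue
        # Field 3 is the key length in bits, field 4 the algorithm id.
        if f[3] not in EC_ALGOS and int(f[2] or 0) <= MIN_BITS:
            findings.append("weak-size:" + f[4])
        # Field 12: lowercase letters are this (sub)key's own capabilities,
        # so a capability counts whether it sits on the primary or a subkey.
        caps.update(c for c in f[11] if c.islower())
    if "e" not in caps:
        findings.append("no-encryption")
    if "s" not in caps:
        findings.append("no-signing")
    return findings


if __name__ == "__main__":
    for name in ("SAMPLE_RSA", "SAMPLE_ED25519_SIGN_ONLY", "SAMPLE_OLD_DSA"):
        print(name, check_key(globals()[name]) or "ok")
```

The hash-strength requirement ("stronger than SHA1") is not visible in this listing format and is not checked.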
