
Re: Security guidelines for Debian people



On Sat, 05 Nov 2011, Thijs Kinkhorst wrote:
> This thread reminds me of a Dutch management book entitled "Managing
> Professionals? Don't do it!"[1].

Being an engineer, I can tell you that publishing guidelines and the
rationale behind them _is_ necessary even when the audience is competent
technical people.

> We shouldn't prescribe how many copies of a key one should keep where in
> which crypto containers, or whether you should use a USB thumb drive,
> smart card or a floppy to do it.

Yet, we should have the guidelines mention that permanent loss of the
key to hardware defect or bitrot is a real danger, which can be
mitigated by using more/different storage devices stored at the same
place (exposure risk control) or at different places (increased exposure
risk, but better at reducing data loss risk).

We can, of course, tone down the guidelines ("should" instead of "shall"
or "must"), and leave "must" to just the very few extremely important
directives.

> DD's are technically competent people and are perfectly able to decide
> what adequate protection for their private key material should look like.

You assume all DDs are technically competent on crypto, and more
specifically, on gpg-based crypto.  That is incorrect.  We're not
specialists on the same things, and that's our strength.

So let the crypto specialists write proper guidelines that the others
can read and learn from.

> Indeed, I oppose the assertion that such guidelines are 'a lot better than
> just having a vague and ineffable thing called "trust"'. Trusting DD's to
> do the right thing is an important value for Debian.

We do trust DDs to read guidelines written by their fellow specialist
DDs and to be humble, professional and technically competent enough to
actually take them seriously and, instead of just dismissing them out of
hand, discuss them if they believe they have encountered a relevant
scenario where those guidelines are not optimal.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

