[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Moving to stronger keys than 1024D

Russ Allbery dijo [Fri, Oct 04, 2013 at 08:57:26PM -0700]:
> I suspect that some of the problem is people feeling like they need to go
> through an in-person key signing to get their new key certified, which can
> be quite awkward depending on where one lives and how much day-to-day
> contact one has with other DDs.  Perhaps we should make more public the
> idea that a key transition document signed with both keys and posted
> publicly is probably sufficient to warrant signing the new key if one has
> signed the old key?  (Assuming that's actually true.)

Right. We were discussing this between Ansgar Burchardt, Jonathan
McDowell and myself (prompted by Ansgar, as he noticed the same
numbers Paul Wise has just posted, giving a reference that it was
mentioned in #d-security), and we do agree it is a high priority

In addition to Paul's numbers, we have also the DM keyring, which is
in a much better shape quite probably because it's much newer. 

    115 4096R
     54 1024D
     11 2048R
      1 8192R
      1 3072R
      1 1280R

We have not yet pushed this further because both Jonathan and me are
currently under a very high workload (well, I don't want to talk for
Jonathan, but I have come to know his work patterns somewhat ;-) )

We made a big push during ~2009 to get people to migrate away from
(even) weaker PGP keys, and IIRC completed the move by 2010. And we
have invited people to move to 4096R, with some insistence back then,
but we have really slowed down the pressure (real-life issues maybe?)

During a brief interchange of mails, several ideas were floated:

- Give a suitable time window for the key migration and disable old
  keys. Jonathan gave a first suggestion of 6 months.

- Actually reach out to people and make explicit that 1024D is *no
  longer enough*. We guess that some of them never paid too much
  attention to the issue, and those are the most likely to be "Debian
  outliers", not people inside the core group who meet year-to-year
  with the community and play the "get more signatures" game.

- An idea to help said outliers is to use the data in LDAP to tell
  them who lives closest to them so they can get signatures more
  quickly. Of course, this has the disadvantage on relying on our
  (known-bogus and known-incomplete) LDAP geolocation data.

- If we were to retire all 1024D keys today, we would lock out
  approx. two thirds of Debian. That's clearly unacceptable. I don't
  think it's feasible to attempt it until we are closer to the one
  third mark — And I'm still not very comfortable with it. But OTOH,
  it can help us pinpoint those keys that are not regularly used

  - People who have done MIA-tracking, do our tools report when was
    the last activity we saw in connection with a given key? I'd guess
    they do...

- Yes, Ansgar points out that it's still probably easier to steal a
  GPG key than to break it. Not all of us follow the safest computing
  techniques, do we?

- Ansgar says, and it's in line with Russ' suggestion «A compromise
  for people in remote locations would be to allow them requesting key
  replacement with a stronger key that is only signed by
  themselves. The price would be a weaker WoT, but maybe that would be
  okay for a few keys». This one makes me somewhat uneasy: Not
  requiring signatures leads to a very easy (for some definition of
  easy) way to steal a dormant account's personna. I'd really like to
  keep the "two signatures needed" rule.

  Yes, our WoT has naturally weakened due to bitrot
  (i.e. cross-signatures made with keys which are later retired might
  have created WoT islands), but we do have at least identity
  assurance history. We could accept (although I don't know how
  practical it'd be) a possibility to equate, say, two signatures by
  well-connected people in the Free Software ecosystem to equate one
  DD signature? (yes, sure, but what does well-connected mean‽)

Anyway, some random thoughts. I should really head to bed now.

Thanks to Pabs for kicking me into writing this mail! :)

Attachment: signature.asc
Description: Digital signature

Reply to: