Re: State of the debian keyring

[Gunnar Wolf <gwolf@gwolf.org>]

Kurt Roeckx dijo [Sun, Feb 23, 2014 at 12:46:41AM +0100]:
> For those people who are not aware of this yet, this is really a
> problem.  This provides less security than an 80 bit symmetric
> cipher.  A brute force for this is possible.  It's considered to
> have "very short time" protection against agencies, short time
> against medium organisations.
> 
> That's still 61.5% that's at 1024 bit. CAs are doing better than
> this, with only 0.8% of the certificates that are still active
> being 1024 bit.
> 
> Can I suggest that everyone that is still using a 1024 bit pgp key
> generates a new key *now*?
> 
> The recommended minimum size is at least 2048 bit, but I suggest
> you go for 4096 bit.

...And now hat you mention this here on the list, we have been
discussing how to deal with this for keyring-maint¹.

It would clearly be unacceptable for us to decide to lock out 61.5% of
Debian because of their old key. Also, removing those keys would most
probably make our WoT much more fragile. 

I'd like to ask the project as a whole for input on how we should push
towards this migration. I guess that most of the socially-connected
Debian Developers already have 4096R keys. How can we reach those who
don't? How can we incentivate them to change?

Remember that, in order to get a new key accepted, a big hurdle is
sometimes the need for meeting two people with active keys. Several
people have started the process to update their keys, but after months
(and no real possibility to meet a DD in person) have let it stay as
it is. This hurdle is, of course, very important to maintain in order
to avoid loosening our identity requirements...

So, what do you suggest?

--
¹ Explicitly adding copies to Jonathan and Daniel; Daniel is formally
  a "keyring trainee" as per the last delegation mail, and I'm sorry
  we haven't followed up on his "apprenticeship". Daniel, *please* bug
  us more! :)