[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: State of the debian keyring


Bart Martens:
> On Sun, Feb 23, 2014 at 07:57:43AM +0000, Marco d'Itri wrote:
> > gwolf@gwolf.org wrote:
> > 
> > >So, what do you suggest?
> > Persuade developers that they should sign the new key of people whose
> > old key they have already signed, with no need to meet them in person.
> No, because this would reduce the value of the new keys to the weakness of the
> 1024 bit keys.
That's somewhat true for now given a sufficiently-motivated attacker, but
if *afterwards* some nefarious $CENSORED gets the idea that $DD would be a
nice target for hacking their key, they'd be out of luck. They'd also be
out of luck if the DD's new key happens to already exist (which the DD
who's asked to sign the new key should obviously check).

Thus I would add the new key provisionally; if it doesn't get any new
signatures from DDs with non-provisional strong keys during, say, the
rest of this year, then delete it from the keyring.

This would still be more secure than waiting a year before disabling
the old keys, and come 2015 there would be no difference.

However, I see another problem.

http://keyring.debian.org/replacing_keys.html states that, if Alice wants to
get her key X replaced with key Y,

>> Alice must get a Debian developer […] to sign a message requesting the
>> replacement of key X with key Y on behalf of Alice

… which IMHO is an unnecessary burden if Alice's old and new key are
valid and sufficiently DD-signed.

-- Matthias Urlichs

Attachment: signature.asc
Description: Digital signature

Reply to: