Re: State of the debian keyring

To: debian-project@lists.debian.org
Subject: Re: State of the debian keyring
From: Bart Martens <bartm@debian.org>
Date: Sun, 23 Feb 2014 09:56:20 +0000
Message-id: <20140223095620.GA16062@master.debian.org>
In-reply-to: <20140223092346.GA3116@smurf.noris.de>
References: <20140123220729.GA25523@scru.org> <20140222224148.GA2130@scru.org> <20140222234641.GA31478@roeckx.be> <20140223003506.GE30391@gwolf.org> <lec9ll$hlh$1@posted-at.bofh.it> <20140223081228.GA1049@master.debian.org> <20140223092346.GA3116@smurf.noris.de>

On Sun, Feb 23, 2014 at 10:23:47AM +0100, Matthias Urlichs wrote:
> Hi,
> 
> Bart Martens:
> > On Sun, Feb 23, 2014 at 07:57:43AM +0000, Marco d'Itri wrote:
> > > gwolf@gwolf.org wrote:
> > > 
> > > >So, what do you suggest?
> > > Persuade developers that they should sign the new key of people whose
> > > old key they have already signed, with no need to meet them in person.
> > 
> > No, because this would reduce the value of the new keys to the weakness of the
> > 1024 bit keys.
> > 
> That's somewhat true for now given a sufficiently-motivated attacker, but
> if *afterwards* some nefarious $CENSORED gets the idea that $DD would be a
> nice target for hacking their key, they'd be out of luck. They'd also be
> out of luck if the DD's new key happens to already exist (which the DD
> who's asked to sign the new key should obviously check).

We don't know which 1024 bit keys may already have been compromised, so you
would not know which new keys would be compromised as well.

> 
> Thus I would add the new key provisionally;

I don't see the point in provisionally adding potentially compromised keys.

> if it doesn't get any new
> signatures from DDs with non-provisional strong keys during, say, the
> rest of this year, then delete it from the keyring.

I see no reason to allow more time, since we have been talking about 4096 keys
since 2010.

> 
> This would still be more secure than waiting a year before disabling
> the old keys, and come 2015 there would be no difference.

A 4096 bit key is cryptographically stronger than a 1024 bit key, but the point
of key signing is about verifying who is holding the private key.

> 
> 
> However, I see another problem.
> 
> http://keyring.debian.org/replacing_keys.html states that, if Alice wants to
> get her key X replaced with key Y,
> 
> >> Alice must get a Debian developer […] to sign a message requesting the
> >> replacement of key X with key Y on behalf of Alice
> 
> … which IMHO is an unnecessary burden if Alice's old and new key are
> valid and sufficiently DD-signed.

I suggest to discuss that in a separate thread.

Regards,

Bart Martens

Reply to:

References:
- Re: State of the debian keyring
  - From: Clint Adams <clint@debian.org>
- Re: State of the debian keyring
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: State of the debian keyring
  - From: Gunnar Wolf <gwolf@gwolf.org>
- Re: State of the debian keyring
  - From: Marco d'Itri <md@Linux.IT>
- Re: State of the debian keyring
  - From: Bart Martens <bartm@debian.org>
- Re: State of the debian keyring
  - From: Matthias Urlichs <smurf@smurf.noris.de>

Prev by Date: Re: State of the debian keyring
Next by Date: Re: State of the debian keyring
Previous by thread: Re: State of the debian keyring
Next by thread: Re: State of the debian keyring
Index(es):
- Date
- Thread