On Sun, Feb 23, 2014 at 02:10:12PM +0800, Paul Wise wrote: > On Sun, Feb 23, 2014 at 8:35 AM, Gunnar Wolf wrote: > > > So, what do you suggest? > > Set a deadline (say 1 year?) for removal of all 1024 bit keys from the > keyring. Notify all users of 1024 bit keys via all addresses listed in > the MIA db and all UIDs on those keys. Remind people that coming to > DebConf is a great way to get signatures. Talk to the DPL about > spending Debian funds to help push this along. At the deadline, move > all Debian members still using 1024 bit keys who responded to emeritus > status and everyone else to disabled. I have been meaning to sit down a write a proposal for the removal of our weaker keys, and run it by Gunnar and Daniel before wider distribution. Part of my reticence is the knowledge that we're going to have to do 600 key replacements and it probably works out to at least 5 minutes per key change. Which is at least 50 hours of work, assuming the requests are all well formed and we don't need to go repeating ourselves about how to submit key change requests. In an attempt to try and reduce problems let me describe some of the problems we see (all of this is in the context of someone taking an existing key that is not believed to be compromised and replacing it with a stronger key): * Requests must be inline signed (gpg --clearsign). Unfortunately RT will mangle PGP/MIME signatures which means we can't verify them. (it will also decide to re-encode email in utf-8, which causes issues for people with non ASCII characters in their .sigs or names, but this is a much less frequent issue) * Requests need to include the full fingerprint of both the old and the new key. Not just the key IDs. Not just the new key. We want to be absolutely certain of what you're requesting replaced. I quite like seeing the actual "gpg --fingerprint" output for both keys because it tends to be quite easy to visually verify. * The new key must be signed by the old key that is being replaced. * The new key must be signed by 2 other keys that are present in the Debian keyring. * The request must be signed by the old key. Signing the request with the new key alone is not helpful - requests must always be signed by a key that is currently in the active keyring. Signing it with both is fine, but not required. * You should specify *why* you want to replace your key. Knowing that it's because you're moving to a stronger key rather than because your old key is compromised / unavailable / on fire helps us prioritise things. The time frame I'd had in mind was 6 months until we disable 1024 bit keys in the keyring, then perhaps a 3 month grace where we'll allow change requests to be signed by those disabled keys, then treat them as completely untrusted. At this point that would mean that post DebConf we'd do the disabling, and then by the end of the year we'd be 1024 bit free. I know that there are various people who have held off on submitting updated keys until they get more signatures. I believe I've already said it elsewhere, but at this point if you have 2 signatures from other DD keys on your new key you should be sending a request for replacement to email@example.com (with something like "Debian RT - Key replacement request for <debianusername>" in the subject) following the above guidelines. J. -- xmpp:firstname.lastname@example.org Most people are descended from apes. Redheads are descended from cats.
Description: Digital signature