Re: State of the debian keyring
On Sun, Feb 23, 2014 at 12:28:58PM +0100, Kurt Roeckx wrote:
> On Sun, Feb 23, 2014 at 07:57:43AM +0000, Marco d'Itri wrote:
> > email@example.com wrote:
> > >So, what do you suggest?
> > Persuade developers that they should sign the new key of people whose
> > old key they have already signed, with no need to meet them in person.
> I'm not sure what you're saying, but I think it's a bad idea.
I agree that it's a bad idea.
> What I would find acceptable is that if you generate a new key you sign the
> same keys with the new key that you signed previously with the old key.
If this is cross signing your own old and new keys, then there is, unrelated to
the debian keyring, obviously nothing wrong with that.
> I would also find it acceptable that the keyring maintainers accept a
> signature from a single DD to replace the key, with that single DD being the
> DD's old key.
I would not find this acceptable. I'm surprised you write this. Maybe I'm
misreading what you meant.
> If the old key doesn't get revoked there is still a (weak) web of trust.
This is true.
> But I would like to see a signature from at least one other person with a
> stronger key that has a reasonable connection to the web of trust, preferably
> a DD. The more, the better, of course.
I think we should use the exact same rules for replacing old keys by new keys
as for adding new keys from newcomers. We should not lower the value of new
keys by cutting corners.
> I see no good reason to sign new keys without meeting the person
> to confirm that that is their new key.
I strongly agree with that.
> You seem to suggest that that is a good idea to keep the web of trust, but to
> me it seems you just create a web of trust that isn't really there.
If your point is that the web of trust with the 4096 bit keys shouldn't depend
on the existing web of trust based on the old 1024 bit keys, then I agree. I
don't object to keeping the existing web of trust based on the 1024 bit
keys, but one should realize that it is already weakened, regardless of how we
introduce 4096 bit keys.
> What we need is a way to confirm that you're talking to the same person
> you've met previously and confirm that that is his new key.
Exactly. We should not cut corners when replacing the 1024 bit keys by 4096
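The following is an added illustration, not part of the mailing-list thread and not Debian keyring tooling. It models the web of trust as a directed graph of signatures (signer -> signed key) over constructed, hypothetical keys (alice_old, alice_new, bob_old, bob_new, carol) and checks two of the points made above: whether a new 4096 bit key has any certification path from a trusted root that does not pass through a 1024 bit key (the "web of trust that isn't really there" when the new key is only cross-signed by the owner's old key), and which keys a developer would have to re-sign with the new key to reproduce the signatures previously made with the old key. Key sizes, the 2048 bit threshold for "strong", and the absence of ownertrust and marginal-trust rules are simplifying assumptions of this example, not statements about gpg or the Debian keyring.

```python
from collections import deque

# Constructed example data (assumptions for this illustration, not real keys).
# KEYS maps a key name to its RSA size in bits.
KEYS = {
    "carol": 4096,       # strong key, used as the trusted root below
    "alice_old": 1024,   # old key, signed by carol in person
    "alice_new": 4096,   # new key, only cross-signed by alice_old
    "bob_old": 1024,     # old key, signed by carol in person
    "bob_new": 4096,     # new key, signed by carol after meeting bob again
}

# SIGS is the set of (signer, signed_key) certification edges.
SIGS = {
    ("carol", "alice_old"),
    ("alice_old", "alice_new"),   # alice cross-signs her own new key
    ("alice_old", "carol"),       # signatures alice made with the old key
    ("alice_old", "bob_old"),
    ("carol", "bob_old"),
    ("bob_old", "bob_new"),       # bob cross-signs his own new key
    ("carol", "bob_new"),         # carol verified bob's new key in person
}


def strong_path(keys, sigs, roots, target, min_bits=2048):
    """Breadth-first search from the trusted roots along signature edges,
    traversing only keys of at least min_bits. Returns the path as a list
    of key names, or None if the target is unreachable without passing
    through a weaker key."""
    adjacency = {}
    for signer, signee in sigs:
        adjacency.setdefault(signer, []).append(signee)
    # Keep neighbour order deterministic regardless of set iteration order.
    for signer in adjacency:
        adjacency[signer].sort()

    prev = {r: None for r in roots if keys.get(r, 0) >= min_bits}
    queue = deque(prev)
    while queue:
        key = queue.popleft()
        if key == target:
            path = []
            while key is not None:
                path.append(key)
                key = prev[key]
            return path[::-1]
        for nxt in adjacency.get(key, []):
            if nxt in prev or keys.get(nxt, 0) < min_bits:
                continue
            prev[nxt] = key
            queue.append(nxt)
    return None


def keys_to_resign(sigs, old_key, new_key):
    """Keys that old_key certified but new_key has not yet certified,
    i.e. the signatures a developer would reissue with the new key."""
    signed_by_old = {s for signer, s in sigs if signer == old_key}
    signed_by_new = {s for signer, s in sigs if signer == new_key}
    return signed_by_old - signed_by_new - {new_key}


if __name__ == "__main__":
    roots = {"carol"}
    for target in ("alice_new", "bob_new"):
        print(target, "any path:", strong_path(KEYS, SIGS, roots, target, min_bits=0))
        print(target, "strong-only path:", strong_path(KEYS, SIGS, roots, target))
    print("alice must re-sign:", sorted(keys_to_resign(SIGS, "alice_old", "alice_new")))
```

In this constructed data alice_new is reachable from carol only through alice_old, so with 1024 bit keys excluded it has no certification path at all, while bob_new keeps a path that never touches a weak key. The re-sign list for alice is exactly the keys her old key certified that her new key has not.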