[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Secure APT Key Management

On Wed, 26 Jul 2006, Florian Weimer wrote:
> * Martin Schulze:
> > I'd really love to see this feature properly implemented.
> The only approach which is known to work is static keys for stable
> releases and stable security updates.  The keys can be stored off-line
> or on-line, at the discretion of the respective teams.
> So far, we have botched all yearly key rollovers, and there is zero
> evidence that we'll get the first one that reallly matters right.
> Unfortunately, the key rollover approach is generally assumed to be
> required to achieve a decent level of security and strongly preferred
> over the alternatives.  Needless to say, I very strongly disagree with
> that position.

Why don't we put two signatures ? One from a yearly key and one from a
release key.

Of course, both keys would probably be compromised at the same time (if a
compromis arise), but at least the user has the choice to trust either a
yearly key only or the release key only (and can thus decide to not have
to handle the key rollover).

Raphaël Hertzog

Premier livre français sur Debian GNU/Linux :

Reply to: