Re: State of the debian keyring

To: debian-project@lists.debian.org
Subject: Re: State of the debian keyring
From: Bart Martens <bartm@debian.org>
Date: Sun, 23 Feb 2014 08:09:43 +0000
Message-id: <20140223080943.GA11989@master.debian.org>
In-reply-to: <20140223003506.GE30391@gwolf.org>
References: <20140123220729.GA25523@scru.org> <20140222224148.GA2130@scru.org> <20140222234641.GA31478@roeckx.be> <20140223003506.GE30391@gwolf.org>

On Sat, Feb 22, 2014 at 06:35:06PM -0600, Gunnar Wolf wrote:
> Kurt Roeckx dijo [Sun, Feb 23, 2014 at 12:46:41AM +0100]:
> > For those people who are not aware of this yet, this is really a
> > problem.

I agree.  We should take security in Debian seriously.  Getting weak keys
replaced by strong ones in the keyring in time, keeping up with increasing
computer power, is part of that.

> > This provides less security than an 80 bit symmetric
> > cipher.  A brute force for this is possible.  It's considered to
> > have "very short time" protection against agencies, short time
> > against medium organisations.
> > 
> > That's still 61.5% that's at 1024 bit. CAs are doing better than
> > this, with only 0.8% of the certificates that are still active
> > being 1024 bit.
> > 
> > Can I suggest that everyone that is still using a 1024 bit pgp key
> > generates a new key *now*?

Yes please, *now*.

> > 
> > The recommended minimum size is at least 2048 bit, but I suggest
> > you go for 4096 bit.
> 
> ...And now hat you mention this here on the list, we have been
> discussing how to deal with this for keyring-maint¹.
> 
> It would clearly be unacceptable for us to decide to lock out 61.5% of
> Debian because of their old key.

In my opinion it would clearly be unacceptable for us to allow the weak keys in
the keyring for a day longer.  How about removing them now.

> Also, removing those keys would most probably make our WoT much more fragile. 

The WoT is already fragile due to the weak keys.  Also, removing the weak keys
from the keyring doesn't weaken the WoT because all keys still exist in public.

> 
> I'd like to ask the project as a whole for input on how we should push
> towards this migration.  I guess that most of the socially-connected
> Debian Developers already have 4096R keys. How can we reach those who don't?

Contacting them can obviously be done via e-mail.  Note that if they are still
active DDs they should already be aware of the weakness of the keys.  Let's get
real on this, see the age of this message [0], a message all DDs should have
read at the time.  I understand however practical challenges for DDs living in
remote areas for getting keys signed.

[0] : https://lists.debian.org/debian-devel-announce/2010/09/msg00003.html

> How can we incentivate them to change?

As I wrote above, by removing the weak keys now.

> 
> Remember that, in order to get a new key accepted, a big hurdle is
> sometimes the need for meeting two people with active keys. Several
> people have started the process to update their keys, but after months
> (and no real possibility to meet a DD in person) have let it stay as
> it is. This hurdle is, of course, very important to maintain in order
> to avoid loosening our identity requirements...
> 
> So, what do you suggest?

DDs with strong keys can help the locked out DDs with key signing [1] and with
temporarily sponsoring important/urgent packages uploads [2].  I'm hereby
offering this help myself now.

[1] : https://wiki.debian.org/Keysigning/Offers
[2] : http://mentors.debian.net/intro-maintainers

Regards,

Bart Martens

Reply to:

References:
- Re: State of the debian keyring
  - From: Clint Adams <clint@debian.org>
- Re: State of the debian keyring
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: State of the debian keyring
  - From: Gunnar Wolf <gwolf@gwolf.org>

Prev by Date: Re: State of the debian keyring
Next by Date: Re: State of the debian keyring
Previous by thread: Re: State of the debian keyring
Next by thread: debian as unix
Index(es):
- Date
- Thread