Russ Allbery dijo [Fri, Oct 04, 2013 at 08:57:26PM -0700]: > I suspect that some of the problem is people feeling like they need to go > through an in-person key signing to get their new key certified, which can > be quite awkward depending on where one lives and how much day-to-day > contact one has with other DDs. Perhaps we should make more public the > idea that a key transition document signed with both keys and posted > publicly is probably sufficient to warrant signing the new key if one has > signed the old key? (Assuming that's actually true.)
Right. We were discussing this between Ansgar Burchardt, Jonathan McDowell and myself (prompted by Ansgar, as he noticed the same numbers Paul Wise has just posted, giving a reference that it was mentioned in #d-security), and we do agree it is a high priority issue. In addition to Paul's numbers, we have also the DM keyring, which is in a much better shape quite probably because it's much newer. 115 4096R 54 1024D 11 2048R 1 8192R 1 3072R 1 1280R We have not yet pushed this further because both Jonathan and me are currently under a very high workload (well, I don't want to talk for Jonathan, but I have come to know his work patterns somewhat ;-) ) We made a big push during ~2009 to get people to migrate away from (even) weaker PGP keys, and IIRC completed the move by 2010. And we have invited people to move to 4096R, with some insistence back then, but we have really slowed down the pressure (real-life issues maybe?) During a brief interchange of mails, several ideas were floated: - Give a suitable time window for the key migration and disable old keys. Jonathan gave a first suggestion of 6 months. - Actually reach out to people and make explicit that 1024D is *no longer enough*. We guess that some of them never paid too much attention to the issue, and those are the most likely to be "Debian outliers", not people inside the core group who meet year-to-year with the community and play the "get more signatures" game. - An idea to help said outliers is to use the data in LDAP to tell them who lives closest to them so they can get signatures more quickly. Of course, this has the disadvantage on relying on our (known-bogus and known-incomplete) LDAP geolocation data. - If we were to retire all 1024D keys today, we would lock out approx. two thirds of Debian. That's clearly unacceptable. I don't think it's feasible to attempt it until we are closer to the one third mark — And I'm still not very comfortable with it. But OTOH, it can help us pinpoint those keys that are not regularly used - People who have done MIA-tracking, do our tools report when was the last activity we saw in connection with a given key? I'd guess they do... - Yes, Ansgar points out that it's still probably easier to steal a GPG key than to break it. Not all of us follow the safest computing techniques, do we? - Ansgar says, and it's in line with Russ' suggestion «A compromise for people in remote locations would be to allow them requesting key replacement with a stronger key that is only signed by themselves. The price would be a weaker WoT, but maybe that would be okay for a few keys». This one makes me somewhat uneasy: Not requiring signatures leads to a very easy (for some definition of easy) way to steal a dormant account's personna. I'd really like to keep the "two signatures needed" rule. Yes, our WoT has naturally weakened due to bitrot (i.e. cross-signatures made with keys which are later retired might have created WoT islands), but we do have at least identity assurance history. We could accept (although I don't know how practical it'd be) a possibility to equate, say, two signatures by well-connected people in the Free Software ecosystem to equate one DD signature? (yes, sure, but what does well-connected mean‽) Anyway, some random thoughts. I should really head to bed now. Thanks to Pabs for kicking me into writing this mail! :)
signature.asc
Description: Digital signature