Re: Moving to stronger keys than 1024D
On Sat, Oct 5, 2013 at 1:41 PM, Gunnar Wolf wrote:
> In addition to Paul's numbers, we have also the DM keyring, which is in a
> much better shape quite probably because it's much newer.

Good news.

> - Give a suitable time window for the key migration and disable old keys.
>   Jonathan gave a first suggestion of 6 months.

Sounds good.

> - Actually reach out to people and make explicit that 1024D is *no longer
>   enough*. We guess that some of them never paid too much attention to the
>   issue, and those are the most likely to be Debian outliers, not people
>   inside the core group who meet year-to-year with the community and play
>   the get more signatures game.

Yes please, via (at least) mail to all of the non-revoked UIDs on all these
keys. Some of the people with 1024-bit keys are very active (some in core
teams) though, so perhaps that should be restricted.

> - An idea to help said outliers is to use the data in LDAP to tell them who
>   lives closest to them so they can get signatures more quickly. Of course,
>   this has the disadvantage of relying on our (known-bogus and
>   known-incomplete) LDAP geolocation data.

The city information in LDAP might be better, perhaps alongside these:

https://wiki.debian.org/LocalGroups
https://wiki.debian.org/Keysigning/Offers
https://wiki.debian.org/BSP
https://wiki.debian.org/DebianEvents

> - If we were to retire all 1024D keys today, we would lock out approx. two
>   thirds of Debian. That's clearly unacceptable. I don't think it's feasible
>   to attempt it until we are closer to the one third mark — and I'm still
>   not very comfortable with it. But OTOH, it can help us pinpoint those keys
>   that are not regularly used.

Agreed.

> - People who have done MIA-tracking, do our tools report when was the last
>   activity we saw in connection with a given key? I'd guess they do...

They do:

$ ssh qa.debian.org /srv/qa.debian.org/mia/mia-query pabs | grep -i pgp
activity-pgp:[Thu, 03 Oct 2013 13:51:38] 610B 28B5 5CFC FE45 EA1B 563B 3116 BA5E 9FFA 69A3 debian-bugs-d...@lists.debian.org archive/latest/1010533 1380807999.31767.36.camel@chianamo

> - Yes, Ansgar points out that it's still probably easier to steal a GPG key
>   than to break it. Not all of us follow the safest computing techniques,
>   do we?

Indeed, for example probably the majority of us use a web browser on the
same machine as our OpenPGP keys.

> (yes, sure, but what does well-connected mean‽)

Strong set?

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

-- 
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/CAKTje6F-u-F15PsZ83-aHe6JjHA==auawsgo1bmgqmsogh8...@mail.gmail.com
Re: Moving to stronger keys than 1024D
On Sat, Oct 05, 2013 at 12:41:41AM -0500, Gunnar Wolf wrote:
> Yes, our WoT has naturally weakened due to bitrot (i.e. cross-signatures
> made with keys which are later retired might have created WoT islands),
> but we do have at least identity assurance history.

So, I've a question about this and I'm looking for best practices in the
area. I've migrated to a 4096R key in 2010, but I haven't yet revoked my old
1024D key. My initial, maybe naive, idea was to wait for the new key to be
as well connected in the WoT as the old one before retiring the latter.

3 years into that, it is not very clear to me that this is not gonna happen
any time soon: even though I've been traveling a lot over the past 3 years
and met a lot of Free Software people, the MSD ranking of my new key is ~180
whereas the old one is ~62. Given I've collected many signatures on the new
key, the reason is likely that the migration of many people (and possibly
the fact that some other very well connected people haven't migrated?) is
making the WoT much more scattered than what it was ~13 years ago, when I
started using my former key.

What worries me is that by revoking my old key I'll make the situation for
the WoT worse. Given the current state and evolution trends of WoT, is it
actually the case, as Gunnar hints at above, or not? OTOH by not retiring my
old 1024D key I feel increasingly more irresponsible, as impersonating me
via the old key (and possibly signing other keys with it...) is becoming
increasingly easier.

Oh mighty Debian keyring maintainers and WoT gurus, what do you suggest to
do in this respect? When is the right moment to retire old keys after
migration to stronger ones?

TIA,
Cheers.
-- 
Stefano Zacchiroli . . . . . . . z...@upsilon.cc
Maître de conférences . . . . . http://upsilon.cc/zack
Former Debian Project Leader . . @zack on identi.ca
« the first rule of tautology club is the first rule of tautology club »
Re: Moving to stronger keys than 1024D
On Sat, Oct 05, 2013 at 10:37:40AM +0200, Stefano Zacchiroli wrote:
> Oh mighty Debian keyring maintainers and WoT gurus, what do you suggest to
> do in this respect? When is the right moment to retire old keys after
> migration to stronger ones?

I think that you clearly reached the point where more keysignings don't have
a big impact on your msd ranking. I would say that if your new key has over
100 signatures it's time to revoke your old key. As such I have just revoked
my old key with msd 49 while my new one is only at 1033.

Kurt

-- 
Archive: http://lists.debian.org/20131005094825.ga25...@roeckx.be
Re: Moving to stronger keys than 1024D
On Sat, Oct 05, 2013 at 10:37:40AM +0200, Stefano Zacchiroli wrote:
> What worries me is that by revoking my old key I'll make the situation for
> the WoT worse. Given the current state and evolution trends of WoT, is it
> actually the case, as Gunnar hints at above, or not? OTOH by not retiring
> my old 1024D key I feel increasingly more irresponsible, as impersonating
> me via the old key (and possibly signing other keys with it...) is becoming
> increasingly easier.
>
> Oh mighty Debian keyring maintainers and WoT gurus, what do you suggest to
> do in this respect? When is the right moment to retire old keys after
> migration to stronger ones?

Now. If you have a 2048 bit or larger key that has been signed by at least
2 other DDs but still have a 1024D key in our keyring you should be filing
a request for replacement.

When we first started requiring larger keys for new DDs/replacements it was
felt that we didn't want to risk our WoT and could take things gradually.
I think we're at the point where we should be proactively moving to larger
keys now.

Your older key might be well linked and have a low MSD, but that includes
all of the 1024D keys we're trying to move away from. The more useful
question is how many of the signatures on your new key come from strong
keys, and how many strong keys have you signed with that new key?

J.

-- 
http://www.earth.li/~noodles/ | Mistakes aren't always regrets.
PGP/GPG Key @ the.earth.li via keyserver, web or email. RSA: 4096/2DA8B985
Re: Moving to stronger keys than 1024D
On Sat, Oct 05, 2013 at 08:17:48AM -0700, Jonathan McDowell wrote:
> Now. If you have a 2048 bit or larger key that has been signed by at least
> 2 other DDs but still have a 1024D key in our keyring you should be filing
> a request for replacement.

I'm sorry, I realize only now I wasn't clear on this point. I was talking
about the WoT at large, not only the Debian keyring. I've indeed replaced my
1024D key with my 4096R key in the Debian keyring a long time ago. What I
haven't yet done is _revoking_ the old key. Doing that now should have no
bad effect on the Debian keyring, as any potentially bad effect there has
already happened when I did the replacement.

> The more useful question is how many of the signatures on your new key
> come from strong keys, and how many strong keys have you signed with that
> new key?

Right. If you happen to have a one-liner to verify that I'll be happy to
answer these questions :)

Cheers.
-- 
Stefano Zacchiroli . . . . . . . z...@upsilon.cc
Maître de conférences . . . . . http://upsilon.cc/zack
Former Debian Project Leader . . @zack on identi.ca
« the first rule of tautology club is the first rule of tautology club »

-- 
Archive: http://lists.debian.org/20131005153218.ga3...@upsilon.cc
Re: Moving to stronger keys than 1024D
On Sat, Oct 05, 2013 at 05:32:18PM +0200, Stefano Zacchiroli wrote:
> On Sat, Oct 05, 2013 at 08:17:48AM -0700, Jonathan McDowell wrote:
> > Now. If you have a 2048 bit or larger key that has been signed by at
> > least 2 other DDs but still have a 1024D key in our keyring you should
> > be filing a request for replacement.
>
> I'm sorry, I realize only now I wasn't clear on this point. I was talking
> about the WoT at large, not only the Debian keyring. I've indeed replaced
> my 1024D key with my 4096R key in the Debian keyring a long time ago. What
> I haven't yet done is _revoking_ the old key. Doing that now should have
> no bad effect on the Debian keyring, as any potentially bad effect there
> has already happened when I did the replacement.

If we assume that 1024D keys have questionable security then at some point
you stop trusting them entirely whether they're revoked or not. I finally
revoked my 1024D about a year ago and should really have done so sooner.

> > The more useful question is how many of the signatures on your new key
> > come from strong keys, and how many strong keys have you signed with
> > that new key?
>
> Right. If you happen to have a one-liner to verify that I'll be happy to
> answer these questions :)

I don't have anything convenient to answer that, unfortunately.

J.

-- 
http://www.earth.li/~noodles/ | Aunt Em: Hate Kansas. Hate you. Taking dog. Bye. Dorothy.
PGP/GPG Key @ the.earth.li via keyserver, web or email. RSA: 4096/2DA8B985

-- 
Archive: http://lists.debian.org/20131005183113.gb8...@earth.li
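Jonathan's question above (how many signatures on the new key come from strong keys, and how many strong keys it has signed) can be answered from the colon-delimited output of gpg --with-colons --fixed-list-mode --list-sigs run over a keyring. The script below is an added example, not code from any poster or from the Debian keyring tools; the sample listing and its key IDs are constructed placeholders, and the 2048-bit threshold is the one used in the thread.

```python
# Added example: classify the signatures a key has received and given by the
# bit length of the other key, from "gpg --with-colons --list-sigs" output.
from collections import defaultdict

MIN_STRONG_BITS = 2048  # the thread's threshold: "2048 bit or larger"
# Constructed sample listing (pub/sig records only; uid/sub etc. are ignored).
# Fields: pub -> [2]=bits, [4]=keyid ; sig -> [4]=signer keyid
SAMPLE_LISTING = """\
pub:u:4096:1:AAAAAAAAAAAA0001:1277942400:::u:::scESC:
sig:::1:AAAAAAAAAAAA0001:1277942400::::Target <t@example.org>:13x:
sig:::1:AAAAAAAAAAAA0002:1300000000::::Strong <a@example.org>:10x:
sig:::17:AAAAAAAAAAAA0003:1300000000::::Weak <b@example.org>:10x:
sig:::1:AAAAAAAAAAAA0004:1300000000::::Unknown <c@example.org>:10x:
pub:f:4096:1:AAAAAAAAAAAA0002:1200000000:::f:::scESC:
sig:::1:AAAAAAAAAAAA0002:1200000000::::Strong <a@example.org>:13x:
sig:::1:AAAAAAAAAAAA0001:1300000000::::Target <t@example.org>:10x:
pub:f:1024:17:AAAAAAAAAAAA0003:1000000000:::f:::scESC:
sig:::17:AAAAAAAAAAAA0003:1000000000::::Weak <b@example.org>:13x:
sig:::1:AAAAAAAAAAAA0001:1300000000::::Target <t@example.org>:10x:
"""


def parse_listing(text):
    """key_bits: keyid -> bit length; sigs: keyid -> signer keyids (no self-sigs)."""
    key_bits, sigs, current = {}, defaultdict(set), None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            current = f[4]
            key_bits[current] = int(f[2])
        elif f[0] == "sig" and current is not None and f[4] != current:
            sigs[current].add(f[4])
    return key_bits, sigs


def strength_report(text, target, min_bits=MIN_STRONG_BITS):
    """Bucket signatures received by and given from `target` by key size."""
    key_bits, sigs = parse_listing(text)

    def bucket(keyid):
        bits = key_bits.get(keyid)  # None: signer not in this keyring
        return "unknown" if bits is None else ("strong" if bits >= min_bits else "weak")

    report = defaultdict(int)
    for signer in sigs[target]:
        report["received_" + bucket(signer)] += 1
    for signed, signers in sigs.items():
        if target in signers:
            report["given_" + bucket(signed)] += 1
    return dict(report)
```

Signers whose public key is not in the local keyring come out as "unknown", so run it against a keyring that contains the signers (e.g. after fetching them) before reading too much into the counts.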