SOP migration (was Re: Reaction to potential PGP schism)

2024-01-03 Thread Guillem Jover
Hi!

Daniel thanks for all your work on the OpenPGP working group,
and on SOP! :)

On Wed, 2023-12-20 at 22:16:28 -0500, Daniel Kahn Gillmor wrote:
> # What Can Debian Do About This?
> 
> I've attempted to chart one possible path out of part of this situation
> by proposing a minimized, simplified interface to some common baseline
> OpenPGP semantics -- in particular, the "Stateless OpenPGP" interface,
> or "sop", as documented here:
> 
>   https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/

> If your part of Debian's infrastructure depends on GnuPG, consider
> making it depend on a sop implementation instead, so we don't end up
> stuck on a single OpenPGP implementation in the future.  If the sop
> semantics are insufficient for your purposes, please report your needs
> at https://gitlab.com/dkg/openpgp-stateless-cli !

I think this is the way to go, and to try to support that goal I
started a wiki page to track what might need to be switched:

https://gitlab.com/dkg/openpgp-stateless-cli/-/wikis/Stateless-OpenPGP-status

I listed there some potential issues I could come up with for such
migrations. Also at the time, something that felt like a soft blocker
was that the schism was not widely known, so having to give that full
context first for every contacted project seemed a bit awkward, which
now should be out of the way, and a reference to some of the published
articles should be enough.

Time and energy permitting, I'd like to start at least filing issues
for these projects, and ideally provide patches. Help with any of that
would be highly appreciated! Including how to best integrate SOP into
a distribution (I'll be updating one of the tickets for a potentially
better «alternatives» usage pattern).

Also if a project uses perl, and using the Dpkg::OpenPGP modules would
make sense there, please reach out so that we can see what might be
missing so that they can be stabilized to make them public interfaces.

Thanks,
Guillem



Re: Reaction to potential PGP schism

2023-12-21 Thread Cyril Brulebois
Hi Daniel,

Quick backstory: I stayed away from hardware crypto for a long while
since there were so many incompatibilities, partial support, or side
patches to get basic things to work. Over time, it seems it got to a
point where it's mainstream enough that you can buy a Yubikey without
much of a second thought, and get GPG to work out of the box on it…

Daniel Kahn Gillmor  (2023-12-20):
> OpenPGP implementations have generally learned from those failures, and
> many of them are now much more resilient and can support the kinds of
> upgrade path that we need to consider.  For most of our
> signing/verifying-focused work, that means:
> 
>  - verifying tools should ignore signatures and certificates that they
>    don't understand, while still validating signatures from certificates
>    that they do understand
> 
>  - signing tools can make pairs of signatures, one "compatibility"
>    signature and one "modern" signature
> 
> This means that for a debian signing/verification context, like package
> distribution, which has a global workflow, starting from an existing
> OpenPGP implementation, signing key and corresponding verification
> certificate, it looks like:
> 
>  0) upgrade the signing tool, and start upgrading some of the
>     verification tooling.
> 
>  1) create a new signing certificate with the new version, algorithm, or
>     feature.
> 
>  2) distribute the old+new certificates for the verifiers.
> 
>  3) make signatures with old+new in parallel
> 
>  4) complete upgrade of all verification tooling
> 
>  5) stop making signatures with old signing certificates

… what does this mean for anything that involves hardware-backed crypto?
I'm thinking Yubikeys and the like, but also HSMs that might be on the
critical path to sign things like GRUB, linux (at least for now), etc.

Even if we end up with a brand new gnupg release on the relevant signing
host(s), I fear hardware devices might not feature all the bits that are
needed for those new features?


Cheers,
-- 
Cyril Brulebois (k...@debian.org)<https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant
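
The old+new parallel signing step and the "ignore what you don't understand" verifier rule quoted in the message above, sketched as an added example (not code from this thread or from any project it mentions). It assumes some `sop` implementation is installed under that name; the fingerprints and sample output are constructed, and `rollover_status` is a hypothetical helper.

```python
"""Added example: old+new signature rollover checked through a `sop` CLI."""
import subprocess
from dataclasses import dataclass

SOP = "sop"        # assumption: some Stateless OpenPGP implementation on PATH
NO_SIGNATURE = 3   # exit status of `sop verify` when nothing verified


@dataclass(frozen=True)
class Verification:
    timestamp: str    # ISO 8601 UTC creation time of the signature
    signing_fpr: str  # key that made the signature (may be a subkey)
    primary_fpr: str  # primary key of the signer's certificate
    detail: str       # optional "mode:binary"/"mode:text" plus free text


def parse_verifications(text):
    """Parse the VERIFICATIONS output: one line per signature that verified."""
    found = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(maxsplit=3)
        if len(fields) < 3:
            raise ValueError(f"malformed VERIFICATIONS line: {line!r}")
        detail = fields[3] if len(fields) == 4 else ""
        found.append(Verification(fields[0], fields[1].upper(),
                                  fields[2].upper(), detail))
    return found


def sign_parallel(data, key_files):
    """Step 3: one detached signature per key file, in a single output."""
    done = subprocess.run([SOP, "sign", "--as=binary", "--", *key_files],
                          input=data, capture_output=True, check=True)
    return done.stdout


def verify(data, signature_file, cert_files):
    """Return the signatures that verified against the given certificates.

    Signatures the implementation cannot process, or that come from other
    certificates, produce no line; exit status 3 means none verified.
    """
    done = subprocess.run([SOP, "verify", "--", signature_file, *cert_files],
                          input=data, capture_output=True)
    if done.returncode == NO_SIGNATURE:
        return []
    done.check_returncode()
    return parse_verifications(done.stdout.decode("utf-8"))


def rollover_status(verifications, old_fpr, new_fpr):
    """Report which of the two signing certificates this verifier accepted."""
    primaries = {v.primary_fpr for v in verifications}
    old_ok = old_fpr.upper() in primaries
    new_ok = new_fpr.upper() in primaries
    if old_ok and new_ok:
        return "both"
    if old_ok:
        return "old-only"   # new signature absent, or not understood here
    if new_ok:
        return "new-only"   # expected once the old key stops signing (step 5)
    return "none"           # nothing verified: reject the data


# Constructed sample values, not real keys: a 40-hex old fingerprint and a
# 64-hex new one with a separate signing subkey.
OLD_FPR = "0A" * 20
NEW_FPR = "1B" * 32
NEW_SUBKEY_FPR = "2C" * 32
SAMPLE_OUTPUT = (
    f"2024-01-03T10:00:00Z {OLD_FPR} {OLD_FPR} mode:binary constructed sample\n"
    f"2024-01-03T10:00:00Z {NEW_SUBKEY_FPR} {NEW_FPR} mode:binary\n"
)

if __name__ == "__main__":
    seen = parse_verifications(SAMPLE_OUTPUT)
    print(rollover_status(seen, OLD_FPR, NEW_FPR))       # both
    print(rollover_status(seen[:1], OLD_FPR, NEW_FPR))   # old-only
```

Logging the status per verifier host during step 3 shows which hosts still report "old-only", which is the signal that step 4 is not complete.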




Re: Reaction to potential PGP schism

2023-12-21 Thread Daniel Kahn Gillmor
Hi Gioele--

On Thu 2023-12-21 11:02:06 +0100, Gioele Barabucci wrote:
> On 21/12/23 04:16, Daniel Kahn Gillmor wrote:
> As the Uploader of rust-sequoia-openpgp, what do you think of the 
> related sequoia-chameleon-gnupg project [1] (drop-in replacement for gpg 
> that uses sequoia internally)?
>
> Would it work as a stop-gap measure while the Debian infrastructure 
> moves from GnuPG to something else (to `sop`, for instance)?
>
> [1] https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg not yet in 
> Debian AFAIK

Thanks for pointing this out!  It looks interesting, but i've never used
it (or even tested it) myself.  I don't think it can be a completely
perfect, feature-for-feature replacement for GnuPG, given the
overwhelming complexity and peculiarity of the GnuPG interface, but I
imagine it would work for some people, for some purposes.

I certainly wouldn't object to anyone packaging it for debian as long as
it ships its binary interface someplace other than /usr/bin/gpg.  Modulo
dealing with the rust dependencies, that seems like an obviously
reasonable and straightforward thing to try to do.

I don't know how the "chameleon" would compare with GnuPG itself in
terms of performance or some of the scaling concerns i mentioned in my
earlier e-mail, but such a straightforward deployment should make it
easy to test.

If you're asking about using /etc/alternatives or something like that to
provide some sort of generic swapping capability, or a dpkg Provides:,
such that /usr/bin/gpg on some systems would point toward the
"chameleon", i would want to see some significant archive-wide testing
done before we even consider inflicting that on our normal users.  This
would be the kind of thing that the experimental archive is designed
for.

One of the ongoing challenges with GnuPG development is the fear of
dropping or mis-handling some feature or flag or option or configuration
that someone has stuffed into some script somewhere and completely
forgotten about.  GnuPG itself deals with this kind of problem
regularly, and sometimes things like this do break during an upgrade.
Clawing the way back from such a break actually ends up making the
interface even more complex and surprising to those people who haven't
seen how it accreted in the first place :/ It was scary enough to change
/usr/bin/gpg to move from the 1.4 branch to the 2.x branch many years
ago (we shipped the 2.0 branch as /usr/bin/gpg2, and only finally made
/usr/bin/gpg update when the 2.1.x branch was sufficiently mature). And
even then, we dealt with the fallout from that change for years
(e.g. see /usr/bin/migrate-pubring-from-classic-gpg in the gnupg-utils
package).  The differences were enough that I resisted using
/etc/alternatives to let each installation decide which package offered
/usr/bin/gpg1, because of the dangerous side effects of switching back
and forth (see #806904 for example, and the conversations at DebConf14).
I can only imagine that trying to ship the "chameleon" as /usr/bin/gpg
would face some of the same challenges, probably even more severely.

At best, something like this would be a stop-gap, as you say.  i
wouldn't want the long-term health of *PGP functionality in debian to
depend specifically on the command-line interface for /usr/bin/gpg,
regardless of who is implementing it.  Even GnuPG upstream appears to
agree with this sentiment, as they encourage programmatic users of GnuPG
to use libgpgme, which is supposed to hide some of the command-line
complexity.

  --dkg




Re: Reaction to potential PGP schism

2023-12-21 Thread Stephan Verbücheln
Interesting point in this talk: The APT team is already working on non-
PGP signatures.

https://wiki.debian.org/Teams/Apt/Spec/AptSign

I can see the advantages of that for release signatures which use a
rarely changing set of keys.
However, I do not see any good alternative for PGP for personal
signatures such as developer communication and maintainer uploads. PGP
is really handy because once trust of the key fingerprint for a person
is established, the person can easily make changes such as adding
subkeys, editing the expiration date, revoking keys, etc. at any time.

This would also be less convenient with a CMS-PKI-CA-hierarchy based
system.

Regards
Stephan




Re: Reaction to potential PGP schism

2023-12-21 Thread Enrico Zini
On Wed, Dec 20, 2023 at 10:16:28PM -0500, Daniel Kahn Gillmor wrote:

> # Why is GnuPG on Debian's Critical Path?
> 
> In 2023, I believe GnuPG is baked into our infrastructure largely due to
> that project's idiosyncratic interface.  It is challenging even for a
> sophisticated engineer to figure out how to get GnuPG to (probably,
> hopefully!) fulfill a cryptographic task in their project.  Once that is
> done, it's especially painful to consider moving to a different OpenPGP
> implementation, because the interface to another implementation rarely
> lines up cleanly with GnuPG's interface.

I maintain critical code that calls out to gnupg, in part because at the
time I wrote it that was the only thing available, and in part because
I'm supposed to offer the broadest possible compatibility with what
other people in Debian are using, so if everyone else seems to use
gnupg, gnupg is the first thing I would consider.

I hated and still hate every single moment I spent having to interface
with gnupg. The protocol to interact with it is custom, idiosyncratic,
poorly documented, and very hard to speak correctly. When in the end I
managed to make things work, I was always left with the feeling that
there would still be a corner case that I missed, or that will be
introduced in a future gnupg release, waiting to become a security issue
in our infrastructure, despite having asked for peer review from
appropriate people in Debian.

New releases make things harder rather than easier. Now gnupg is a
mini-ecosystem of security-critical daemons that need to be brought up
and killed, that may time out or run partly off sync with configuration,
which adds even more know-how to the amount required to survive as
downstream consumer of that one single "API".

I've been wanting for literally decades something with language
bindings, or with a protocol that is built on existing well-known
standards, outputting data that I can parse with an existing and tested
parser library, using I/O channels that I can manage using an existing
and tested communication library.

I hate it every single time I need to use gnupg, but still I use it
because I understand it's what Debian has been expecting me to use, so I
add that requirement to the pile of historical quirks that geologically
accrete in our community, which make our barrier of entry so stylishly
high, and make us appear oh so fearfully smart.


> # What Can Debian Do About This?
> 
> If you are implementing or maintaining an OpenPGP implementation in
> debian, please consider encouraging upstream to add a sop frontend, and
> get it tested in the interop test suite!

This. 

I don't know if it should be sop or a protocol or a standard, but I'd
like to see Debian clearly document its expectations on its crypto
requirements, and stand behind it.

I personally believe that we should depend, for our core security, on an
interoperable standard with multiple implementations rather than a
project that follows the idiosyncrasies of a single isolated upstream.

Whatever we do, though, I want that to be official. As things stand I'll
keep suffering with gnupg until at a DebConf I'll have at least 5 people
look at me wide-eyed and say "are you still using THAT? Everyone moved
to THIS instead!"

I'd like to ask for what mature OpenPGP implementations exist today,
pick one I feel I can confidently control, and then when somebody comes
and says "my gpg/$TOOL segfaults on your input", I want to be able to
point them at a documented decision and say "please report a bug to
$TOOL" instead of taking a week off to port everything again to gpg.

Thank you for all the work you've done on this over the years! I've
appreciated it with great gratitude and a big hope that some day, thanks
to you and others like you, those >=5 people at a DebConf will really
look at me wide-eyed and show me a way out of the pit.


Enrico

-- 
GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini 




Re: Reaction to potential PGP schism

2023-12-21 Thread Gioele Barabucci

On 21/12/23 04:16, Daniel Kahn Gillmor wrote:

> # What Can Debian Do About This?
>
> I've attempted to chart one possible path out of part of this situation
> by proposing a minimized, simplified interface to some common baseline
> OpenPGP semantics -- in particular, the "Stateless OpenPGP" interface,
> or "sop", as documented here:
>
> https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/


Hi, thanks for the detailed overview.

As the Uploader of rust-sequoia-openpgp, what do you think of the 
related sequoia-chameleon-gnupg project [1] (drop-in replacement for gpg 
that uses sequoia internally)?


Would it work as a stop-gap measure while the Debian infrastructure 
moves from GnuPG to something else (to `sop`, for instance)?


Regards,

[1] https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg not yet in 
Debian AFAIK


--
Gioele Barabucci



Re: Reaction to potential PGP schism

2023-12-21 Thread Meso Security
Thank you very much for your explanation

On Thu, Dec 21, 2023 at 2:13 AM, Christoph Biedl <debian.a...@manchmal.in-ulm.de> wrote:
> Daniel Kahn Gillmor wrote...
>
> (...)
>
> Thanks for your exhaustive description. I'd just like to point out one
> point:
>
> > In practice, i think it makes the most sense to engage with
> > well-documented, community-reviewed, interoperably-tested standards, and
> > the implementations that try to follow them.  From my vantage point,
> > that looks like the OpenPGP projects that have continued to actively
> > engage in the IETF process, and have put in work to improve their
> > interoperability on the most sophisticated suite of OpenPGP tests that
> > we have (https://tests.sequoia-pgp.org/, maintained by the Sequoia
> > project for the community's benefit).  Projects that work in that way
> > are also likely to benefit from smoother upgrades to upcoming work in
> > the IETF like post-quantum cryptographic schemes:
> >
> > https://datatracker.ietf.org/doc/draft-wussler-openpgp-pqc/
>
> There was a presentation at the recent MiniDebconf in Cambridge about
> post-quantum cryptography, including the consequences for Debian (that
> was by Andy Simpkins):
>
> https://wiki.debian.org/DebianEvents/gb/2023/MiniDebConfCambridge/Simpkins
>
> The key point AIUI is Debian must take precautions *very* *soon* as
> there's a realistic chance QC will - within the lifetime of trixie -
> evolve to a point where it seriously weakens the cryptographic security
> as we know it. In other words, Debian must prepare for PQC within the
> trixie development cycle, so within 2024.
>
> Therefore, my answer to "How can Debian deal with this [schism]?" is
> basically: Debian needs to change things in that area anyway, let's
> first find an implementation that provides what we need and has a sane
> implementation. If that means turning away from GnuPG, so be it. The
> transition will be painful anyway.
>
> Christoph






Re: Reaction to potential PGP schism

2023-12-21 Thread Christoph Biedl
Daniel Kahn Gillmor wrote...

(...)

Thanks for your exhaustive description. I'd just like to point out one
point:

> In practice, i think it makes the most sense to engage with
> well-documented, community-reviewed, interoperably-tested standards, and
> the implementations that try to follow them.  From my vantage point,
> that looks like the OpenPGP projects that have continued to actively
> engage in the IETF process, and have put in work to improve their
> interoperability on the most sophisticated suite of OpenPGP tests that
> we have (https://tests.sequoia-pgp.org/, maintained by the Sequoia
> project for the community's benefit).  Projects that work in that way
> are also likely to benefit from smoother upgrades to upcoming work in
> the IETF like post-quantum cryptographic schemes:
>
> https://datatracker.ietf.org/doc/draft-wussler-openpgp-pqc/

There was a presentation at the recent MiniDebconf in Cambridge about
post-quantum cryptography, including the consequences for Debian (that
was by Andy Simpkins):

https://wiki.debian.org/DebianEvents/gb/2023/MiniDebConfCambridge/Simpkins

The key point AIUI is Debian must take precautions *very* *soon* as
there's a realistic chance QC will - within the lifetime of trixie -
evolve to a point where it seriously weakens the cryptographic security
as we know it. In other words, Debian must prepare for PQC within the
trixie development cycle, so within 2024.

Therefore, my answer to "How can Debian deal with this [schism]?" is
basically: Debian needs to change things in that area anyway, let's
first find an implementation that provides what we need and has a sane
implementation. If that means turning away from GnuPG, so be it. The
transition will be painful anyway.

Christoph




Re: Reaction to potential PGP schism

2023-12-20 Thread Daniel Kahn Gillmor
hey folks--

[ This message won't make sense unless the reader distinguishes clearly
  between OpenPGP the protocol and GnuPG the implementation! As a
  community we have a history of fuzzily conflating the two terms, which
  is one of the reasons that we're in this mess today.  Please read
  explicitly. ]

[ Background: for those who don't know, i've been a maintainer in debian
  of GnuPG and other OpenPGP-related tooling for several years, and i'm
  also the co-chair of the IETF's OpenPGP working group; i participated
  in many of the discussions that led to the current sorry situation,
  and it is happening despite my best efforts to avoid this problem.
  I'm probably as responsible for this situation as anyone in Debian
  is. My apologies. ]

The best outcome, in my opinion, would be for GnuPG to go ahead and
implement the pending updated OpenPGP specification (the so-called
"crypto-refresh"). I say this despite personally preferring some of the
concrete ways that i think the GnuPG project would have preferred to (as
indicated by the latest "LibrePGP" Internet-Draft, at least) diverge
from the OpenPGP specification.  There are enough other advantages to
the OpenPGP crypto-refresh that it doesn't make sense for GnuPG to
deliberately avoid implementing the community consensus. The GnuPG
project clearly has all the underlying cryptographic and engineering
capability to do this, if it wants to, and the OpenPGP crypto-refresh
process took deliberate measures to avoid collisions with any
prematurely deployed code that implements a draft that hadn't managed to
reach a rough consensus.

Can debian make GnuPG interoperate with the rest of the OpenPGP
ecosystem?  Probably not without GnuPG's cooperation: it would be a
substantial patchset to carry in Debian, and even trickier to do if
GnuPG upstream sees such a patchset as hostile.

Read on below if you want to consider some other options.

Stephan Verbücheln wrote:
> As you probably know, Debian relies heavily on GnuPG for various
> purposes, including:
> - developer communication
> - signing of tarballs and patches
> - automated processes such as update validation by APT

Debian by policy and by mechanism relies heavily on the OpenPGP protocol
for these things.  And i'd also add certificate verification, aka "web
of trust" for Debian developer identities to the list as well.

In particular, we use OpenPGP for cryptographic signing of software
source, packaging information, archive control, and distribution
mechanisms; for developer identities; and for cryptographic verification
of all of these things.  As a project, we don't make much use of the
encryption/decryption parts of OpenPGP, since we develop mainly in the
open.  But not everyone uses GnuPG for these purposes.  There are
multiple interoperable OpenPGP implementations in Debian beyond the
GnuPG family (C), including RNP (C/C++), pgpainless (java), pgpy
(Python), GOpenPGP (Go), hOpenPGP (haskell), and Sequoia (Rust).

But it is also true that the GnuPG implementation specifically is baked
into some of our infrastructure.  I'll get into why that is below (see
"Why is GnuPG on Debian's Critical Path?").

> How can Debian deal with this? Should Debian intervene to prevent the
> worst?

I don't think Debian can make a specific intervention that will avoid
the global problem, but i think there are things we can consider going
forward.

One possible approach is to drop the use of OpenPGP (or "LibrePGP")
entirely, and instead base our internal cryptographic dependencies on
bespoke cryptographic implementations.

I think that would be a mistake.

I do not want Debian's long-term health to depend on any particular
implementation.  If the implementation fails then we would have to (as a
project) decide on our own upgrade path.  For a failure due to
cryptanalytic advances, that can be particularly harrowing: I don't
think we as a project have the necessary expertise to do that well.  For
failures due to buggy implementations, we can always patch, but i wonder
about the amount of cryptanalytic review a bespoke implementation will
have as opposed to publicly audited generic tooling.

If we have to decide as a project on LibrePGP vs. OpenPGP, i'd prefer
the wider community project with a stable reference, functioning (albeit
sometimes rough) consensus, a range of diverse implementations, and
substantial public interoperability testing.  That means OpenPGP.

To be clear, the IETF OpenPGP working group actively solicited input
from the GnuPG team, and tried to work with the project as one
significant implementation among many.  But ultimately, the GnuPG
project decided to break away from the community process, and created
this "LibrePGP" split, which threatens interoperability for the *PGP
ecosystem as a whole.  Maybe the end result of this will be to put a
nail in *PGP's coffin, and we'll all just go back to bespoke
cryptographic imp

Re: Reaction to potential PGP schism

2023-12-14 Thread Joerg Jaspert

On 17077 March 1977, Stephan Verbücheln wrote:


> How can Debian deal with this? Should Debian intervene to prevent the
> worst?


We, as Debian, look and wait what comes out. And then *MAY* at some
point decide to add (or switch to) a new thing, if that appears better. 
Also, it will be a high bar for that.[1]


Individuals, including Debian developers, are - of course - free to jump 
in and take part in this.


[1] not counting the usage/scriptability of gnupg, that bar is somewhere 
down DEEEP in the earth, its so horrible.


--
bye, Joerg



Re: Reaction to potential PGP schism

2023-12-14 Thread Pierre-Elliott Bécue
Hi,

Personal view here.

Stephan Verbücheln  wrote on 14/12/2023 at 11:29:17+0100:

> Hello everyone
>
> As you probably know, Debian relies heavily on GnuPG for various
> purposes, including:
> - developer communication
> - signing of tarballs and patches
> - automated processes such as update validation by APT
>
> The OpenPGP Working Group at IETF is currently working on a new
> standard.
>
> https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/
>
> Due to different opinions, some people (including notably the GnuPG
> team) have quit the IETF Working Group and proposed their own LibrePGP
> standard.
>
> https://librepgp.org/
>
> Notably remaining in the IETF Working Group are people from Proton Mail
> (maintaining OpenPGP.JS) and Sequoia PGP (free implementation in Rust).
>
> The disagreements are about details such as algorithms and file formats
> which make both standards incompatible.
>
> How can Debian deal with this?

By doing nothing.

> Should Debian intervene to prevent the worst?

No.

-- 
PEB




Reaction to potential PGP schism

2023-12-14 Thread Stephan Verbücheln
Hello everyone

As you probably know, Debian relies heavily on GnuPG for various
purposes, including:
- developer communication
- signing of tarballs and patches
- automated processes such as update validation by APT

The OpenPGP Working Group at IETF is currently working on a new
standard.

https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/

Due to different opinions, some people (including notably the GnuPG
team) have quit the IETF Working Group and proposed their own LibrePGP
standard.

https://librepgp.org/

Notably remaining in the IETF Working Group are people from Proton Mail
(maintaining OpenPGP.JS) and Sequoia PGP (free implementation in Rust).

The disagreements are about details such as algorithms and file formats
which make both standards incompatible.

How can Debian deal with this? Should Debian intervene to prevent the
worst?

Regards
Stephan





Re: PGP/GnuPG unsecure, should be replaced?

2019-07-25 Thread Volker Birk
On Thu, Jul 25, 2019 at 06:31:34PM +1200, Pieter le Roux wrote:
> Good idea! Change something because it works!

Hi,

there is sqv from Sequoia PGP:

https://sequoia-pgp.org/

Yours,
VB.
-- 
Volker Birk, p≡p project
mailto:v...@pep-project.org
https://pep.software




Re: PGP/GnuPG unsecure, should be replaced?

2019-07-25 Thread Pieter le Roux
Good idea! Change something because it works!
Any chance we can make it part of systemd?

My emoticon for being sarcastic:
OO|OO

On 19/07/19 11:34 PM, Stephan Seitz wrote:
> Hi!
>
> I found the following article about PGP/GnuPG:
> https://latacora.singles/2019/07/16/the-pgp-problem.html
>
> In short you should drop GnuPG because it doesn’t do anything really
> the right way. It should be replaced with different tools for
> different situations.
>
> Debian is using GnuPG for signing files. From the article:
>
> Signing Packages
>
> Use Signify/Minisign. Ted Unangst will tell you all about it. It’s what
> OpenBSD uses to sign packages. It’s extremely simple and uses modern
> signing. Minisign, from Frank Denis, the libsodium guy, brings the
> same design to Windows and macOS; it has bindings for Go, Rust,
> Python, Javascript, and .NET; it’s even compatible with Signify.
>
> What do you think?
>
> Shade and sweet water!
>
> Stephan
>



Re: PGP/GnuPG unsecure, should be replaced?

2019-07-21 Thread Iain Grant
I must have picked that up somewhere I didn't check when I was younger and
just took it as fact leading to fail :(  Sorry!

I am not a cryptographic expert - IANACE??

Iain

On Sun, Jul 21, 2019 at 8:11 PM Elmar Stellnberger 
wrote:

> Why do you think that TwoFish is bad? It was invented by Bruce Schneier
> and was in the last round of the AES competition. I believe it to be the
> better choice than AES.
> On 20.07.19 at 21:41, Iain Grant wrote:
>
> 2 fish... that in itself is bad.  AES, sure let's all be ok about
> that.
>
> I also read the article and I realise I still rely on gpg far too much and
> that I need to wean myself off of it!
>
>
> Iain
>
> On Sat, Jul 20, 2019 at 8:33 PM qmi (list)  wrote:
>
>> Hi,
>>
>> On 7/19/19 1:34 PM, Stephan Seitz wrote:
>> > I found the following article about PGP/GnuPG:
>> > https://latacora.singles/2019/07/16/the-pgp-problem.html
>> >
>> > In short you should drop GnuPG because it doesn’t do anything really
>> > the right way. It should be replaced with different tools for
>> > different situations.
>>
>> I checked that article. For e.g. the article says, "If you’re lucky,
>> your local GnuPG defaults to 2048-bit RSA, the 64-bit-block CAST5 cipher
>> in CFB, ..."
>>
>> Wrong. The current implementation of GnuPG shipped by Debian Buster -
>> version 2.2.12 - does support modern cryptographic standards for
>> symmetric encryption, not only CAST5. For e.g., it does support twofish
>> and aes. Both of which use 128-bit block sizes, AFAIK. See command
>> output for gpg below about supported algorithms:
>>
>> "
>>
>> qmi@qmiacer:~$ gpg --version
>>
>> gpg (GnuPG) 2.2.12
>> (...)
>> Supported algorithms:
>> Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
>> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
>>  CAMELLIA128, CAMELLIA192, CAMELLIA256
>> (...)
>> "
>>
>> So it's good enough, apparently.
>>
>> >
>> > Debian is using GnuPG for signing files. From the article:
>> >
>> > Signing Packages
>> >
>> > Use Signify/Minisign. Ted Unangst will tell you all about it. It’s what
>>
>> You may be right, though. That tool might have better bindings for
>> modern programming languages.
>>
>> Regards,
>> --
>> qmi
>> Email: li...@miklos.info
>>
>>


Re: PGP/GnuPG unsecure, should be replaced?

2019-07-21 Thread Elmar Stellnberger
Why do you think that TwoFish is bad? It was invented by Bruce Schneier 
and was in the last round of the AES competition. I believe it to be the 
better choice than AES.


On 20.07.19 at 21:41, Iain Grant wrote:
> 2 fish... that in itself is bad.  AES, sure let's all be ok about that.
>
> I also read the article and I realise I still rely on gpg far too much
> and that I need to wean myself off of it!
>
>
> Iain
>
> On Sat, Jul 20, 2019 at 8:33 PM qmi (list) <li...@miklos.info> wrote:
>
>> Hi,
>>
>> On 7/19/19 1:34 PM, Stephan Seitz wrote:
>> > I found the following article about PGP/GnuPG:
>> > https://latacora.singles/2019/07/16/the-pgp-problem.html
>> >
>> > In short you should drop GnuPG because it doesn’t do anything really
>> > the right way. It should be replaced with different tools for
>> > different situations.
>>
>> I checked that article. For e.g. the article says, "If you’re lucky,
>> your local GnuPG defaults to 2048-bit RSA, the 64-bit-block CAST5 cipher
>> in CFB, ..."
>>
>> Wrong. The current implementation of GnuPG shipped by Debian Buster -
>> version 2.2.12 - does support modern cryptographic standards for
>> symmetric encryption, not only CAST5. For e.g., it does support twofish
>> and aes. Both of which use 128-bit block sizes, AFAIK. See command
>> output for gpg below about supported algorithms:
>>
>> "
>>
>> qmi@qmiacer:~$ gpg --version
>>
>> gpg (GnuPG) 2.2.12
>> (...)
>> Supported algorithms:
>> Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
>> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
>>  CAMELLIA128, CAMELLIA192, CAMELLIA256
>> (...)
>> "
>>
>> So it's good enough, apparently.
>>
>> >
>> > Debian is using GnuPG for signing files. From the article:
>> >
>> > Signing Packages
>> >
>> > Use Signify/Minisign. Ted Unangst will tell you all about it. It’s what
>>
>> You may be right, though. That tool might have better bindings for
>> modern programming languages.
>>
>> Regards,
>> --
>> qmi
>> Email: li...@miklos.info



Re: PGP/GnuPG unsecure, should be replaced?

2019-07-21 Thread Malte
li...@miklos.info transcribed 1.4K bytes on 20-Jul-2019 21:25:
> 
> I checked that article. For e.g. the article says, "If you’re lucky, your
> local GnuPG defaults to 2048-bit RSA, the 64-bit-block CAST5 cipher in CFB,
> ..."
> 
> Wrong. The current implementation of GnuPG shipped by Debian Buster -
> version 2.2.12 - does support modern cryptographic standards for symmetric
> encryption, not only CAST5. For e.g., it does support twofish and aes. Both
> of which use 128-bit block sizes, AFAIK. See command output for gpg below
> about supported algorithms:

"defaults to" and "supports" are two different words with two different
meanings. GnuPG's history is full of new features getting developed
while insecure defaults being kept.

I think, before moving to something completely new, like signify,
moving to something like Sequoia PGP (https://sequoia-pgp.org),
might be a good first step, as it fits better with the already
existing infrastructure


Sincerely,

Malte



Re: PGP/GnuPG unsecure, should be replaced?

2019-07-20 Thread Iain Grant
2 fish... that in itself is bad.  AES, sure let's all be ok about that.

I also read the article and I realise I still rely on gpg far too much and
that I need to wean myself off of it!


Iain

On Sat, Jul 20, 2019 at 8:33 PM qmi (list)  wrote:

> Hi,
>
> On 7/19/19 1:34 PM, Stephan Seitz wrote:
> > I found the following article about PGP/GnuPG:
> > https://latacora.singles/2019/07/16/the-pgp-problem.html
> >
> > In short you should drop GnuPG because it doesn’t do anything really
> > the right way. It should be replaced with different tools for
> > different situations.
>
> I checked that article. For e.g. the article says, "If you’re lucky,
> your local GnuPG defaults to 2048-bit RSA, the 64-bit-block CAST5 cipher
> in CFB, ..."
>
> Wrong. The current implementation of GnuPG shipped by Debian Buster -
> version 2.2.12 - does support modern cryptographic standards for
> symmetric encryption, not only CAST5. For e.g., it does support twofish
> and aes. Both of which use 128-bit block sizes, AFAIK. See command
> output for gpg below about supported algorithms:
>
> "
>
> qmi@qmiacer:~$ gpg --version
>
> gpg (GnuPG) 2.2.12
> (...)
> Supported algorithms:
> Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
>  CAMELLIA128, CAMELLIA192, CAMELLIA256
> (...)
> "
>
> So it's good enough, apparently.
>
> >
> > Debian is using GnuPG for signing files. From the article:
> >
> > Signing Packages
> >
> > Use Signify/Minisign. Ted Unangst will tell you all about it. It’s what
>
> You may be right, though. That tool might have better bindings for
> modern programming languages.
>
> Regards,
> --
> qmi
> Email: li...@miklos.info
>
>


Re: PGP/GnuPG unsecure, should be replaced?

2019-07-20 Thread qmi (list)

Hi,

On 7/19/19 1:34 PM, Stephan Seitz wrote:
> I found the following article about PGP/GnuPG:
> https://latacora.singles/2019/07/16/the-pgp-problem.html
>
> In short you should drop GnuPG because it doesn’t do anything really
> the right way. It should be replaced with different tools for
> different situations.


I checked that article. For e.g. the article says, "If you’re lucky, 
your local GnuPG defaults to 2048-bit RSA, the 64-bit-block CAST5 cipher 
in CFB, ..."


Wrong. The current implementation of GnuPG shipped by Debian Buster - 
version 2.2.12 - does support modern cryptographic standards for 
symmetric encryption, not only CAST5. For e.g., it does support twofish 
and aes. Both of which use 128-bit block sizes, AFAIK. See command 
output for gpg below about supported algorithms:


"

qmi@qmiacer:~$ gpg --version

gpg (GnuPG) 2.2.12
(...)
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
    CAMELLIA128, CAMELLIA192, CAMELLIA256
(...)
"

So it's good enough, apparently.



> Debian is using GnuPG for signing files. From the article:
>
> Signing Packages
>
> Use Signify/Minisign. Ted Unangst will tell you all about it. It’s what


You may be right, though. That tool might have better bindings for 
modern programming languages.


Regards,
--
qmi
Email: li...@miklos.info



PGP/GnuPG unsecure, should be replaced?

2019-07-19 Thread Stephan Seitz

Hi!

I found the following article about PGP/GnuPG:
https://latacora.singles/2019/07/16/the-pgp-problem.html

In short you should drop GnuPG because it doesn’t do anything really the 
right way. It should be replaced with different tools for different 
situations.


Debian is using GnuPG for signing files. From the article:

Signing Packages

Use Signify/Minisign. Ted Unangst will tell you all about it. It’s what
OpenBSD uses to sign packages. It’s extremely simple and uses modern 
signing. Minisign, from Frank Denis, the libsodium guy, brings the same 
design to Windows and macOS; it has bindings for Go, Rust, Python, 
Javascript, and .NET; it’s even compatible with Signify.


What do you think?

Shade and sweet water!

Stephan

--
| Public Keys: http://fsing.rootsland.net/~stse/keys.html |




Re: make-pgp-clean-room suggestions / patches

2018-02-27 Thread Rebecca N. Palmer
(continued from 
https://lists.debian.org/debian-security/2017/11/msg9.html )


I seem to be banned from contacting Daniel Pocock by his spam filter, so 
I decided to write my own scripts, which turned into a rather bigger 
project than I'd planned on.


Note that while this takes no code from his version, I am *not* trying 
to start an ongoing independent project: in addition to the generic 
fragmenting-effort-is-bad reasons, I don't want to be a repository owner 
of something this sensitive.


Features:
- Image creation first creates a local mirror of the needed packages 
then runs live-build without networking, to work around #718225 
(live-build not always authenticating its downloads) and allow building 
an image from within the liveCD.
- Key media can be USB sticks or CDs/DVDs (using the toram parameter to 
allow removing the boot liveCD).  They are kept in sync by 
startup/shutdown scripts (i.e. _not_ RAIDed).

- Plays an anti-acoustic-cryptanalysis sound during passphrase entry.
- RAM wiping, by either a "fill memory" option of the shutdown script, 
or memtest86+ (more thorough, but requires BIOS (not EFI) boot and 
remembering to reboot into it).
- Integrity check of the main system: check that file contents are what 
the packages say they should be.  (Unlike tiger's deb_checkmd5sums, if 
you have the package file in the APT cache this verifies the whole chain 
back to the liveCD's debian-archive-keyring.)


Known issues:
- Originally designed for my own use: has hardcoded assumptions that are 
not appropriate for general use.  (As it stands, it probably won't even 
build on systems other than mine, due to the usernames/paths in 
reproduce.sh / mirror_check_update.py )
- Less focused on ease of use than the original proposal: lacks a menu 
system.


Networking and Bluetooth are currently hard-disabled by simply omitting 
the relevant kernel modules from the liveCD (because I didn't fancy an 
hours-long kernel recompile): this seems to work, but it might be better 
to do this in a more official way.


gpglive.tar.xz
Description: application/xz


gpglive.tar.xz.sig
Description: PGP signature


make-pgp-clean-room suggestions / patches

2017-11-04 Thread Rebecca N. Palmer
Background: my sponsor suggested that I apply for DM over a year ago, 
and the reason I haven't done so is that I'm not sure my security is up 
to it, given that anyone who hacks a DM can upload a Trojan.  I only own 
one computer [0] (meaning it gets used for everything from contributing 
to casual web browsing and reading often-spam email) and my skills are 
at the maths-not-sysadmin end of programming.  I have recently been 
reading up on security with intent to resolve this.


Given the very security-sensitive nature of this project, can you point 
me to (or create) some proof that the person behind it is Pocock-the-DD? 
 If such already exists, I can't find it: neither the announcement 
messages [2] nor the commits are signed, there isn't a Debian package, 
and Alioth doesn't show the userid (the one where lack of -guest = DD) 
of commits anywhere I can find.


Is it appropriate for new contributors to edit this project's wiki page 
[9]?  If yes, I would probably add some of this there.


Is the reason this is still a jessie image simply "nobody has touched it 
since stretch release", or does it actually break in stretch?


paperkey doesn't straightforwardly work with GnuPG2 keys [3]; I don't 
know if there's a way round this or whether printing "base64 
~/.gnupg/private-keys-v1.d/[keygrip]" (in an OCR-friendly font, it's 
~3000 characters per RSA4096 key) would be a better suggestion.




Removing networking: this boots for me, but I haven't tested it much 
beyond that, or checked whether it actually does disable networking 
(there are some built-in net modules, which it won't remove, and it also 
might need an initramfs update).  Warning: make sure this is a chroot 
hook, not a binary hook!


config/hooks/live/0020-delete-network-modules.hook.chroot:
#!/bin/sh

rm -rf /lib/modules/*/kernel/net
rm -rf /lib/modules/*/kernel/drivers/net
rm -rf /lib/modules/*/kernel/drivers/bluetooth

-

usbguard tool for choosing what USB devices to allow [4]:
-Each rule allows a kind of USB devices, which can be as general as "all 
printers" or as specific as "Yubikey serial #xxx" (a tool is provided to 
generate the latter kind for the currently connected devices).
-A rule may allow either an unlimited number of its kind of device or 
only one, but the latter is "first one found wins", *not* "if there's 
more than one, block them all".
-There is a global setting for whether the rules apply to devices 
already present at boot time (default off).


Given that the obvious way for malicious USB firmware to get into the 
rest of the system is for the infected device to claim to be a keyboard, 
and we don't want to totally block USB keyboards because this will often 
block the only real keyboard, the best setup for a distributable image 
is probably "allow all at boot, only classes 7,8,9,B (printer, storage, 
hub, smart card) after" and tell the user not to insert the 
data-transfer USB stick until after booting (a good idea anyway to make 
sure you can't *boot* from malicious content on that stick).


This would be (untested!) adding usbguard to the package list and

resources/config/includes.chroot/etc/usbguard/rules.conf:
allow with-interface equals { 07:*:* }
allow with-interface equals { 08:*:* }
allow with-interface equals { 09:*:* }
allow with-interface equals { 0b:*:* }

For users generating their own image, we could also offer the option of 
"only classes 7,8,9,B plus (if needed) my particular USB keyboard, 
including at boot", but this would be a lower priority.


The Intel ME/AMT issue:
-It nominally doesn't use wireless unless either the OS does or it's 
been explicitly told to [5].
-Check whether it's on [6], and if it is, ask the user to turn it off in 
the BIOS settings before proceeding?
-Actually deleting it is claimed to be possible [7], but involves 
physically connecting a programmer to the flash chip (~$40 of hardware, 
on some laptops disassembling parts that weren't meant for end users to 
disassemble, and may brick the system if you make a mistake).

I haven't investigated the AMD equivalent.

As these don't cover all places malicious firmware could be hiding, 
there would be some benefit to using a dedicated computer for this 
(possibly an ARM board to have less firmware in the first place, but 
live-build can't cross build), but given that an attacker sophisticated 
enough to try a firmware attack may well also be sophisticated enough to 
try modifying your package on your main system and waiting for you to 
sign it (which isn't outright stealing your key but is still a way to 
sneak malware into the archive), a better split for a DD with two 
machines might be "all development on one, browsing/gaming/general 
entertainment on the other".




A possible "what else is a separate extra-high-security install useful 
for?" feature: an option to run a rootkit scan (e.g. chkrootkit) and/or 
integrity check (e.g. tiger deb_checkmd5sums [8]) on 
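
Added example (not part of the original message or of the scripts it describes): a shell audit for an unpacked live-build chroot that checks the two measures discussed above, namely that the hook really removed the network/Bluetooth modules (and which ones are built into the kernel and therefore remain), and that rules.conf allows only interface classes 07, 08, 09 and 0b. The function names, the chroot path argument and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the original message. Function names, the
# chroot path argument and the sample tree are assumptions.
# Usage: sh <this-script> CHROOT_DIR

NET_DIRS='net drivers/net drivers/bluetooth'   # directories the hook deletes

# count_net_modules ROOT: number of loadable module files still present
# under NET_DIRS, summed over every kernel version found in ROOT.
count_net_modules() {
    n=0
    for kdir in "$1"/lib/modules/*/kernel; do
        [ -d "$kdir" ] || continue
        for sub in $NET_DIRS; do
            [ -d "$kdir/$sub" ] || continue
            c=$(find "$kdir/$sub" -type f -name '*.ko*' | wc -l)
            n=$((n + c))
        done
    done
    echo "$n"
}

# list_builtin_net ROOT: modules.builtin entries under NET_DIRS. These are
# compiled into the kernel image, so deleting files cannot remove them.
list_builtin_net() {
    for f in "$1"/lib/modules/*/modules.builtin; do
        [ -f "$f" ] || continue
        grep -E '^kernel/(net|drivers/net|drivers/bluetooth)/' "$f" || true
    done
}

# check_usbguard_rules FILE: print each rule that is neither block/reject
# nor exactly "allow with-interface equals { CC:*:* }" with CC one of
# 07 (printer), 08 (storage), 09 (hub), 0b (smart card).
# Returns 0 when no such rule exists.
check_usbguard_rules() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }              # blank lines, comments
        $1 == "block" || $1 == "reject" { next }   # never widens access
        /^[ \t]*allow[ \t]+with-interface[ \t]+equals[ \t]*[{][ \t]*(07|08|09|0[bB]):[*]:[*][ \t]*[}][ \t]*$/ { next }
        { print FILENAME ":" NR ": " $0; bad = 1 }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# audit_chroot ROOT: run all checks; non-zero status if anything failed.
# Built-in network code is reported as a note, since only a kernel rebuild
# could remove it.
audit_chroot() {
    rc=0
    left=$(count_net_modules "$1")
    [ "$left" -eq 0 ] || { echo "FAIL: $left network/bluetooth module file(s) remain"; rc=1; }
    inkernel=$(list_builtin_net "$1")
    [ -z "$inkernel" ] || { echo "NOTE: built into the kernel image:"; echo "$inkernel"; }
    if ! check_usbguard_rules "$1/etc/usbguard/rules.conf"; then
        echo "FAIL: usbguard rules outside the 07/08/09/0b allow-list (listed above)"
        rc=1
    fi
    return "$rc"
}

# make_sample_chroot DIR: constructed sample tree for trying the checks out.
make_sample_chroot() {
    k="$1/lib/modules/6.1.0-sample"
    mkdir -p "$k/kernel/drivers/net/ethernet" "$k/kernel/fs/ext4" "$1/etc/usbguard"
    : > "$k/kernel/drivers/net/ethernet/e1000.ko"   # a module the hook missed
    : > "$k/kernel/fs/ext4/ext4.ko"                 # unrelated module
    printf '%s\n' 'kernel/net/unix/unix.ko' 'kernel/fs/ext4/jbd2.ko' \
        > "$k/modules.builtin"
    printf '%s\n' \
        'allow with-interface equals { 08:*:* }' \
        'allow with-interface equals { 09:*:* }' \
        'allow with-interface one-of { 03:*:* 08:*:* }' \
        > "$1/etc/usbguard/rules.conf"
}

if [ "$#" -gt 0 ]; then
    audit_chroot "$1"
fi
```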

Re: [SECURITY] [DSA 3281-1] Debian Security Team PGP/GPG key change notice

2015-06-07 Thread Marcos Mezo


On 7 June 2015 21:00:01 CEST, Thijs Kinkhorst th...@debian.org wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

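- -------------------------------------------------------------------------
Debian Security Advisory DSA-3281-1                   secur...@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
June 7, 2015                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------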

This is a notice that the Debian security team has changed its PGP/GPG
contact key because of a periodic regular key rollover.

The new key's fingerprint is:
  0D59 D2B1 5144 766A 14D2  41C6 6BAF 400B 05C3 E651

The creation date is 2015-01-18 and it has been signed by the previous
Security Team contact key and several individual team members.

Please use the new key from now on for encrypted communication with the
Debian Security Team. You can obtain the new key from a keyserver, e.g.,
http://pgp.surfnet.nl/pks/lookup?op=vindex&search=0x0D59D2B15144766A14D241C66BAF400B05C3E651

Our website has been updated to reflect this change.

Note that this concerns only the key used for communication with the
team. The keys used to sign the security.debian.org APT archive or
the keys used to sign the security advisories have not changed.

Further information is available at https://www.debian.org/security/.

Mailing list: debian-security-annou...@lists.debian.org


-- 
To UNSUBSCRIBE, email to
debian-security-announce-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
listmas...@lists.debian.org
Archive:
https://lists.debian.org/20150607190001.a5a4593...@kinkhorst.com

-- 
Sent from my phone with K-9 Mail.

Re: Use of DSA number for general announcements (was: [DSA 2548-1] Debian Security Team PGP/GPG key change notice)

2012-09-17 Thread Nico Golde
Hi,
* Arthur de Jong adej...@debian.org [2012-09-16 21:03]:
> On Fri, 2012-09-14 at 10:31 +0200, Nico Golde wrote:
> > I just want to point out though that as far as I know you can't send
> > an announcement mail to this list without a fake DSA id.
>
> Perhaps it is an idea to also reject mails with a DSA id already issued?
> That could save a few problems. Judging by the mail archives 20 DSA ids
> were used more than once in the last few years.

I opened a bug report for this: 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687935

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0




Re: Use of DSA number for general announcements (was: [DSA 2548-1] Debian Security Team PGP/GPG key change notice)

2012-09-16 Thread Arthur de Jong
On Fri, 2012-09-14 at 10:31 +0200, Nico Golde wrote:
> I just want to point out though that as far as I know you can't send
> an announcement mail to this list without a fake DSA id.

Perhaps it is an idea to also reject mails with a DSA id already issued?
That could save a few problems. Judging by the mail archives 20 DSA ids
were used more than once in the last few years.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Re: [SECURITY] [DSA 2548-1] Debian Security Team PGP/GPG key change notice

2012-09-15 Thread Matt
~smi~ 



Nico Golde n...@debian.org wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

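- -------------------------------------------------------------------------
Debian Security Advisory DSA-2548-1                   secur...@debian.org
http://www.debian.org/security/                                Nico Golde
September 13, 2012                     http://www.debian.org/security/faq
- -------------------------------------------------------------------------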

This is a notice to inform you, that our previous PGP/GPG key expired.
The fingerprint of the *old* key is:
2764 4A76 61FD 9614 BCD6  844F 370E 2BFC 68B6 4E0D

The *new* key fingerprint is:
BACB 4B5C 30AC 38F3 19EE  961E 2702 CAEB 90F8 EEC5

Please use the new key from now on for encrypted communication with the
Debian Security Team.  Please obtain the new key from a keyserver, e.g.,
http://pgp.surfnet.nl/pks/lookup?op=vindex&search=0xBACB4B5C30AC38F319EE961E2702CAEB90F8EEC5

Our website will be updated shortly to reflect this change.

Further information is available at http://www.debian.org/security/.

Mailing list: debian-security-annou...@lists.debian.org

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlBRtmgACgkQHYflSXNkfP+ulgCfa4SEWA+rgujISyAWF22eveAx
PT4An20bkhJOeoUMRV+LMLibpXhdQyEi
=BO8T
-END PGP SIGNATURE-





Re: Use of DSA number for general announcements (was: [DSA 2548-1] Debian Security Team PGP/GPG key change notice)

2012-09-14 Thread Nico Golde
Hi,
* David Prévot taf...@debian.org [2012-09-14 03:30]:
> On 13/09/2012 06:33, Nico Golde wrote:
> > -------------------------------------------------------------------------
> > Debian Security Advisory DSA-2548-1                   secur...@debian.org
> > http://www.debian.org/security/                                Nico Golde
> > September 13, 2012                     http://www.debian.org/security/faq
> > -------------------------------------------------------------------------
> >
> > This is a notice to inform you, that our previous PGP/GPG key expired.
>
> Thanks for notifying us on debian-security-announce@l.d.o, but I
> disagree that such an announcement deserves a DSA number. DSA-2360 was
> also a misuse of a DSA number IMHO, and would have deserved a copy on
> wider audience (e.g. on debian-announce@l.d.o). Please don't hesitate to
> get in touch with the press or publicity team next time you prepare a
> big announcement.

I honestly can think of better use of my time than discussing this. I just 
want to point out though that as far as I know you can't send an announcement 
mail to this list without a fake DSA id.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0




Use of DSA number for general announcements (was: [DSA 2548-1] Debian Security Team PGP/GPG key change notice)

2012-09-13 Thread David Prévot
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

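On 13/09/2012 06:33, Nico Golde wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-2548-1                   secur...@debian.org
> http://www.debian.org/security/                                Nico Golde
> September 13, 2012                     http://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> This is a notice to inform you, that our previous PGP/GPG key expired.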

Thanks for notifying us on debian-security-announce@l.d.o, but I
disagree that such an announcement deserves a DSA number. DSA-2360 was
also a misuse of a DSA number IMHO, and would have deserved a copy on
wider audience (e.g. on debian-announce@l.d.o). Please don't hesitate to
get in touch with the press or publicity team next time you prepare a
big announcement.

Regards

David






Re: Use of DSA number for general announcements (was: [DSA 2548-1] Debian Security Team PGP/GPG key change notice)

2012-09-13 Thread Thijs Kinkhorst
Hi David,

On Fri, September 14, 2012 03:28, David Prevot wrote:
> > This is a notice to inform you, that our previous PGP/GPG key expired.
>
> Thanks for notifying us on debian-security-announce@l.d.o, but I
> disagree that such an announcement deserves a DSA number. DSA-2360 was
> also a misuse of a DSA number IMHO, and would have deserved a copy on
> wider audience (e.g. on debian-announce@l.d.o). Please don't hesitate to
> get in touch with the press or publicity team next time you prepare a
> big announcement.

Well, this is of course how we 'always' do it. I'm not sure I understand:
why is it a problem to use (even misuse?) a number? They are free and we
have ample supply.

I doubt a technicality like a key rollover, which is only relevant for
people actively conversing with the security team, is useful to post to
debian-announce.


Cheers,
Thijs





Re: Handling personal/self(WebOfTrust) pgp/gpg private keys.

2009-07-06 Thread Mike Mestnik
Are there any suggestions as to where I could get reliable information related to
this topic?  For example what do Debian Developers do with their private keys?

Well, I might as well try and take a stab at it.  I'll rate my
suggestions from 1 to 5
based on how well I understand the issue: a 1 would indicate that I'm not at all
sure about this advice and a 5 would indicate I've been told to do this and had
myself and others report success/problems with it.

5. Use a symmetric pass-phrase to encrypt your key.
5. Don't forget your pass-phrase.
4. Generate a revocation for use if you lose your key.
2. store a revocation in multiple locations.
4. Protect yourself from some one stealing/using your revocation.
3. It may defeat the purpose of having a revocation if it has a
: symmetric pass-phrase.
5. Choose a strong pass-phrase, I use apg.
code
che...@overrun:~$ apg

Please enter some random data (only first 8 are significant)
(eg. your old password):/I typed test/
Rappern2 (Rapp-ern-TWO)
UgCijAc7 (Ug-Cij-Ac-SEVEN)
EevfibOpud7 (Eev-fib-Op-ud-SEVEN)
Ewyevdat8 (Ew-yev-dat-EIGHT)
9Wrivyeaheny (NINE-Wriv-yea-hen-y)
MimGufIbrIv2 (Mim-Guf-Ibr-Iv-TWO)
/code
5. Make sure your key is stored on very reliable media.
1. Store your key in multiple locations or on a few computers.
4. Use removable media and a secure safe for a backup.
1. Perhaps using different pass-phrase.
1. Don't bother to change your pass-phrase.
5. Change your pass-phrase if it should ever be discovered.
1. Store your key on a trusted *shell that all your boxes
: have access to.
1. Use ssh-agent on your local system to 'fetch'/ssh-add
: the key over ssh.
3. Don't ever store your keys in NV storage on a portable
: device.
2: Don't store your keys on a desktop system in your home
: or anywhere else if theft could be a problem.

* A shell being a highly reliable shell account on a server.(Some
examples/suggestions would be nice)

On Wed, Jun 24, 2009 at 2:18 AM, Mike Mestnik che...@visi.com wrote:
> Are there any guide lines for the Web-Of-Trust projects surrounding
> Debian or in general?  I have had a number of problems with private keys
> over these past years that I've used PKI, forgetting the password,
> losing(what partition/server/drive) the file, drive corruption,
> accidental deletes.  I've recently lost my job and thus my work related
> pgp key that I've used for my work email address and several work
> related PKIs.  Thus I'm at a point where I can once again start fresh
> and not wanting to repeat previous mistakes I wanted to get some vector
> on what are good ideas and what ideas would sound good but be very bad.






Handling personal/self(WebOfTrust) pgp/gpg private keys.

2009-06-24 Thread Mike Mestnik
Are there any guide lines for the Web-Of-Trust projects surrounding
Debian or in general?  I have had a number of problems with private keys
over these past years that I've used PKI, forgetting the password,
losing(what partition/server/drive) the file, drive corruption,
accidental deletes.  I've recently lost my job and thus my work related
pgp key that I've used for my work email address and several work
related PKIs.  Thus I'm at a point where I can once again start fresh
and not wanting to repeat previous mistakes I wanted to get some vector
on what are good ideas and what ideas would sound good but be very bad.





Re: PGP key to use to contact the Security Team

2009-01-07 Thread Simon Valiquette

Joey Schulze once wrote:
> Simon Valiquette wrote:
> >   In the Securing Debian Manual, the key id to use to send an encrypted
> > email to the security team is 363CCD95, but on the following link,
> > it is F2E861A3 that is listed instead.
> >
> > http://www.debian.org/security/faq.en.html#contact
>
> Maybe the Securing Debian Manual is not up-to-date with regards to the
> security contact key?

  I know, but since both keys were still valid, there was nothing either
to indicate that it was the FAQ page which was wrong.

> > 1. Do both keys are still valid?
>
> You should use 0x/F2E861A3.

  Thank you, I will fix the Securing Debian Manual about it.

> > 2. If the key F2E861A3 is legitimate (which I think it is because
> > I have a trust path to it), wouldn't it makes sense to sign it with
> > the old key as well? Or alternatively by 3 members of the security
> > team instead of just one?
>
> old key would refer to 0x3682B5DF which expired on February 1st 2007
> and is the predecessor to the current key.

 It would be kind of late to sign the current key with it only now, but
it can make sense to sign the next key with F2E861A3 before it expires.
Unless it is revoked, it would show quite clearly the intent and make
faking a new key much more difficult.

 Alternatively, announcing the new key once a year on debian-security in
a signed email would do it, as we would be able to easily google for the
key and check if it is legitimate.  People writing documentation would
also notice the change a lot more quickly.

 The idea is that it is actually too easy for a single person to fake a
new key ID, and too difficult to check its legitimacy as the only public
reference to it was the security FAQ page.

 Another solution is to have 3 people from the security team signing the
key, as that would increase enough the trustfulness of the key.



Simon Valiquette





Re: PGP key to use to contact the Security Team

2009-01-04 Thread Joey Schulze
Simon Valiquette wrote:
>
>   Hello, I am finishing the French translation of the Securing Debian
> Manual, and I noticed something about the key to use to contact the
> Debian Security Team.
>
>   In the Securing Debian Manual, the key id to use to send an encrypted
> email to the security team is 363CCD95, but on the following link,
> it is F2E861A3 that is listed instead.
>
> http://www.debian.org/security/faq.en.html#contact

Maybe the Securing Debian Manual is not up-to-date with regards to the
security contact key?

> 1. Do both keys are still valid?

You should use 0x/F2E861A3.

> 2. If the key F2E861A3 is legitimate (which I think it is because
> I have a trust path to it), wouldn't it makes sense to sign it with
> the old key as well? Or alternatively by 3 members of the security
> team instead of just one?

old key would refer to 0x3682B5DF which expired on February 1st 2007
and is the predecessor to the current key.

> 3. The key F2E861A3 claims to have been created on 2007-07-29 and is
> set to expire on 2009-02-18.  So could someone clarify what will
> happens after it expire in six weeks?  Will it be replaced by a new
> key, or will the expiration date simply be changed?

It will be replaced by a newer key, as has happened with the security
key before.

Regards,

Joey

-- 
WARNING: Do not execute!  This call violates patent DE10108564.
http://www.elug.de/projekte/patent-party/patente/DE10108564

wget -O patinfo-`date +%Y%m%d`.html http://patinfo.ffii.org/





Re: PGP key to use to contact the Security Team

2009-01-03 Thread Jonathan McDowell
On Mon, Dec 29, 2008 at 03:50:48PM +0100, Kurt Roeckx wrote:
> On Mon, Dec 29, 2008 at 07:32:47AM -0500, Simon Valiquette wrote:
> > So here are my questions:
> >
> > 1. Do both keys are still valid?
> >
> > 2. If the key F2E861A3 is legitimate (which I think it is because
> > I have a trust path to it), wouldn't it makes sense to sign it with
> > the old key as well? Or alternatively by 3 members of the security
> > team instead of just one?
> >
> > 3. The key F2E861A3 claims to have been created on 2007-07-29 and is
> > set to expire on 2009-02-18.  So could someone clarify what will
> > happens after it expire in six weeks?  Will it be replaced by a new
> > key, or will the expiration date simply be changed?
> >
> > 3. If the old key 363CCD95 is not used anymore, is there any reasons
> > for not revoking it?
>
> 4. Why is 363CCD95 on keyring.debian.org but F2E861A3 isn't?

There is an outstanding RT ticket (#353) open for removing 363CCD95 from
keyring.debian.org. I have asked for a revocation certificate for it if
it's no longer in use and if a newer key should be included, but
received no reply so have made no changes.

J.

-- 
Web [   Reality is for people with no grasp of fantasy.]
site: http:// [  ]   Made by
www.earth.li/~noodles/  [  ] HuggieTag 0.0.23




Checking PGP signature for DSA from M Muehlenhoff

2006-04-03 Thread Frédéric Bothamy
Hello,

I was wondering why PGP signatures for DSA emails sent to
debian-security-announce were not checked when they came from Moritz
Muehlenhoff while DSA sent by Martin Schulze were checked.

I have found out that the Debian security team keyring (from
http://www.debian.org/security/faq) does not contain his key. Is this an
oversight or do I miss something else (I don't pretend to understand
much about PGP/GPG validation)?

TIA


Fred


PS : please CC me as I am not subscribed to debian-security. Thanks.





Re: pgp in Debian: obsolete?

2004-09-02 Thread Lionel Elie Mamane
On Thu, Aug 12, 2004 at 11:20:28PM +0200, Florian Weimer wrote:
 Quoting Florian Weimer ([EMAIL PROTECTED]):

 Just out of curiosity, are there now, or have there been in the
 past, any _other_ implementations of the OpenPGP spec, besides
 GnuPG?

 GnuPG is not a complete implementation of OpenPGP, either.

 Other partial implementations are contained in some PGP products,
 some NAI products, CryptoEx by Glück & Kanja, and so on.

There is HushMail, too.

-- 
Lionel





Re: PGP vs GPG

2004-08-27 Thread Tycho Fruru
On Fri, 2004-08-27 at 14:48, Dale Amon wrote:
> gpg --import  gary.pub 
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
>
> cat gary.pub 
>
> -BEGIN PGP SIGNATURE-
[snip]

Are you sure you're really importing a public key here ?

Cheers
Tycho






Re: pgp in Debian: obsolete?

2004-08-15 Thread Ian Beckwith
On Tue, Aug 10, 2004 at 02:51:19PM -0700, Rick Moen wrote:
> Quoting Ian Beckwith ([EMAIL PROTECTED]):
>
> > Do you have links to documentation of these issues or where to get the
> > pirated versions? How pirated/illegal are they?
> >
> > License permitting, I could maybe take patches from them.
>
> Quoting the licence for pgpi 6.5.8:
>
>   The source code contained herein is not intended to allow the
>   development of source code or software for commercial distribution. No
>   modifications to the source code contained in this book are allowed and
>   any further redistribution of the source code in any modified form is
>   expressly prohibited.

I assumed this would be taken care of by the fact we distribute the
.orig.tar.gz.

If that's not enough, then I assume we can't distribute it at all,
not even in non-free.

Ian.

-- 
Ian Beckwith - [EMAIL PROTECTED] - http://nessie.mcc.ac.uk/~ianb/
GPG fingerprint: AF6C C0F1 1E74 424B BCD5  4814 40EC C154 A8BA C1EA





Re: pgp in Debian: obsolete?

2004-08-12 Thread Matthias Urlichs
Hi, Phillip Hofmeister wrote:

> If you wanted to
> make a second version of GPG and place it in non-free, that would likely
> be an acceptable option.

You don't need to make a second version of GPG; the IDEA module can be
loaded dynamically.

-- 
Matthias Urlichs





Re: pgp in Debian: obsolete?

2004-08-12 Thread Phillip Hofmeister
On Thu, 12 Aug 2004 at 03:35:29AM -0400, Matthias Urlichs wrote:
> Hi, Phillip Hofmeister wrote:
>
> > If you wanted to
> > make a second version of GPG and place it in non-free, that would likely
> > be an acceptable option.
>
> You don't need to make a second version of GPG; the IDEA module can be
> loaded dynamically.
Then the module would need to be in non-free.

-- 
Phillip Hofmeister





Re: pgp in Debian: obsolete?

2004-08-12 Thread Florian Weimer
* Phillip Hofmeister:

> > You don't need to make a second version of GPG; the IDEA module can be
> > loaded dynamically.

> Then the module would need to be in non-free.

non-us, I think.





Re: pgp in Debian: obsolete?

2004-08-12 Thread Henrique de Moraes Holschuh
On Thu, 12 Aug 2004, Florian Weimer wrote:
> > > You don't need to make a second version of GPG; the IDEA module can be
> > > loaded dynamically.
>
> > Then the module would need to be in non-free.
> non-us, I think.

non-free in non-us, actually. And maybe not even there, since the IDEA
patent is a problem in Europe.

-- 
  One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie. -- The Silicon Valley Tarot
  Henrique Holschuh





Re: pgp in Debian: obsolete?

2004-08-12 Thread Florian Weimer
* Ian Beckwith:

> On Sat, Aug 07, 2004 at 09:17:38PM +0200, Florian Weimer wrote:
> > Both PGP 5 and 6.5 have security issues which haven't been fixed
> > upstream (because there isn't any upstream anymore).  There are some
> > pirated versions of 6.5.8 that incorporate fixes, but Debian certainly
> > shouldn't encourage distribution of them.

> Hmm.

> Do you have links to documentation of these issues

IIRC, there's a buffer overflow in the UID handling that has never
been published.  Then there's the Klima-Rosa attack, the lack of an
MDC (Modification Detection Code), and one or more user ID handling
bugs (see http://www.bluering.nl/pgp/useridbug.txt).

I once worked on an OpenPGP implementation vulnerability matrix, but
this topic isn't very interesting anymore.  For me at least, there's
just GnuPG.





Re: pgp in Debian: obsolete?

2004-08-12 Thread Florian Weimer
* Henrique de Moraes Holschuh:

> On Thu, 12 Aug 2004, Florian Weimer wrote:
> > > > You don't need to make a second version of GPG; the IDEA module can be
> > > > loaded dynamically.
> >
> > > Then the module would need to be in non-free.
> > non-us, I think.

> non-free in non-us, actually.

Why non-free?  The code is available under a DFSG-free copyright
license.

> And maybe not even there, since the IDEA patent is a problem in
> Europe.

non-US is just a misnomer.





Re: pgp in Debian: obsolete?

2004-08-12 Thread Henrique de Moraes Holschuh
On Thu, 12 Aug 2004, Florian Weimer wrote:
> * Henrique de Moraes Holschuh:
> > On Thu, 12 Aug 2004, Florian Weimer wrote:
> > > > > You don't need to make a second version of GPG; the IDEA module can be
> > > > > loaded dynamically.
> > > > Then the module would need to be in non-free.
> > > non-us, I think.
>
> > non-free in non-us, actually.
>
> Why non-free?  The code is available under a DFSG-free copyright
> license.

The one I have here isn't, but if you have one that is entirely DFSG-free,
that's much better.

The whole issue with IDEA has always been the patents, anyway.  The
non-DFSG-freeness of the IDEA module (or of certain versions of it, anyway)
looks a lot like an attempt of the author to protect himself from patent
problems.

-- 
  One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie. -- The Silicon Valley Tarot
  Henrique Holschuh





Re: pgp in Debian: obsolete?

2004-08-12 Thread Florian Weimer
* Henrique de Moraes Holschuh:

> > Why non-free?  The code is available under a DFSG-free copyright
> > license.

> The one I have here isn't, but if you have one that is entirely DFSG-free,
> that's much better.

An older version is available from:

  http://www.linuxmafia.com/pub/linux/security/gnupg/idea.c





Re: pgp in Debian: obsolete?

2004-08-12 Thread Rick Moen
Quoting Florian Weimer ([EMAIL PROTECTED]):
> * Henrique de Moraes Holschuh:
>
> > > Why non-free?  The code is available under a DFSG-free copyright
> > > license.
>
> > The one I have here isn't, but if you have one that is entirely DFSG-free,
> > that's much better.
>
> An older version is available from:
>
>   http://linuxmafia.com/pub/linux/security/gnupg/idea.c

(Hey, that's my living room.  ;-  )

Although idea.c copyright holder Werner Koch licenses his copyright
under BSD terms, the header details Ascom AG's patent licence terms
(free of charge for non-commercial use).  As others have said, it's
solely the patent that's the problem -- but that patent makes the 
code non-free in all countries where the patent still has force:
I'm pretty sure that's just about everywhere.

Patent expires in 2011, by the way.  (Possibly a bit later in some
places.  There were filings in at least the USA, European Patent Office,
and Japan, to my knowledge.)






Re: pgp in Debian: obsolete?

2004-08-12 Thread Rick Moen
Quoting Florian Weimer ([EMAIL PROTECTED]):

> I once worked on an OpenPGP implementation vulnerability matrix, but
> this topic isn't very interesting anymore.  For me at least, there's
> just GnuPG.

Just out of curiosity, are there now, or have there been in the past,
any _other_ implementations of the OpenPGP spec, besides GnuPG?  I tried
to find some, when I was preparing my lecture on GnuPG[1], and couldn't
find any.

[1] GnuPG Lecture on http://linuxmafia.com/kb/Security/





Re: pgp in Debian: obsolete?

2004-08-12 Thread Florian Weimer
* Rick Moen:

> Quoting Florian Weimer ([EMAIL PROTECTED]):

> > I once worked on an OpenPGP implementation vulnerability matrix, but
> > this topic isn't very interesting anymore.  For me at least, there's
> > just GnuPG.

> Just out of curiosity, are there now, or have there been in the past,
> any _other_ implementations of the OpenPGP spec, besides GnuPG?

GnuPG is not a complete implementation of OpenPGP, either.

Other partial implementations are contained in some PGP products, some
NAI products, CryptoEx by Glück & Kanja, and so on.



Re: pgp in Debian: obsolete?

2004-08-11 Thread Phillip Hofmeister
On Tue, 10 Aug 2004 at 05:51:19PM -0400, Rick Moen wrote:
> Quoting Ian Beckwith ([EMAIL PROTECTED]):
>
> > Do you have links to documentation of these issues or where to get the
> > pirated versions? How pirated/illegal are they?
> >
> > License permitting, I could maybe take patches from them.
>
> Quoting the licence for pgpi 6.5.8:
>
>   The source code contained herein is not intended to allow the
>   development of source code or software for commercial distribution. No
>   modifications to the source code contained in this book are allowed and
>   any further redistribution of the source code in any modified form is
>   expressly prohibited.

Which is a clear violation of the social contract.  If you wanted to
make a second version of GPG and place it in non-free, that would likely
be an acceptable option.

-- 
Phillip Hofmeister





Re: pgp in Debian: obsolete?

2004-08-10 Thread Ian Beckwith
On Sat, Aug 07, 2004 at 09:17:38PM +0200, Florian Weimer wrote:
> Both PGP 5 and 6.5 have security issues which haven't been fixed
> upstream (because there isn't any upstream anymore).  There are some
> pirated versions of 6.5.8 that incorporate fixes, but Debian certainly
> shouldn't encourage distribution of them.

Hmm.

Do you have links to documentation of these issues or where to get the
pirated versions? How pirated/illegal are they?

License permitting, I could maybe take patches from them.

Ian.

-- 
Ian Beckwith - [EMAIL PROTECTED] - http://nessie.mcc.ac.uk/~ianb/
GPG fingerprint: AF6C C0F1 1E74 424B BCD5  4814 40EC C154 A8BA C1EA
Listening to: Nusrat Fateh Ali Khan  Michael Brook - Asian Travels - Sweet Pain





Re: pgp in Debian: obsolete?

2004-08-10 Thread Rick Moen
Quoting Ian Beckwith ([EMAIL PROTECTED]):

> Do you have links to documentation of these issues or where to get the
> pirated versions? How pirated/illegal are they?
>
> License permitting, I could maybe take patches from them.

Quoting the licence for pgpi 6.5.8:

  The source code contained herein is not intended to allow the
  development of source code or software for commercial distribution. No
  modifications to the source code contained in this book are allowed and
  any further redistribution of the source code in any modified form is
  expressly prohibited.

-- 
Cheers, Founding member of the Hyphenation Society, a grassroots-based, 
Rick Moen   not-for-profit, locally-owned-and-operated, cooperatively-managed,
[EMAIL PROTECTED] modern-American-English-usage-improvement association.





Re: pgp in Debian: obsolete?

2004-08-08 Thread Arthur de Jong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


> In short, better package the IDEA module for GnuPG...

I did some work on this some time ago, based on a previous package. The
work is here:

http://tiefighter.et.tudelft.nl/~arthur/gnupg-idea/

It is sort of a source-based installer. You get the source, when building
the package it downloads the source and creates a binary package. The
source file idea.c is however not DFSG free because the copyright notice
forbids distribution in certain countries (and that is apart from the
patent issue).

- -- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong --






Re: pgp in Debian: obsolete?

2004-08-08 Thread elijah wright

> http://tiefighter.et.tudelft.nl/~arthur/gnupg-idea/

> It is sort of a source-based installer. You get the source, when
> building the package it downloads the source and creates a binary
> package. The source file idea.c is however not DFSG free because the
> copyright notice forbids distribution in certain countries (and that is
> apart from the patent issue).

do we know who the original author of that file was?  and what country
they wrote the code in?

a lot of times, those copyright notices are applied in order to protect
the author from possible violations of US export controls.  the original
author may now be able to relicense the code with a more compatible set of
restrictions...






Re: pgp in Debian: obsolete?

2004-08-08 Thread Florian Weimer
* Arthur de Jong:

> > In short, better package the IDEA module for GnuPG...

> I did some work on this some time ago, based on a previous package. The
> work is here:

> http://tiefighter.et.tudelft.nl/~arthur/gnupg-idea/

> It is sort of a source-based installer. You get the source, when building
> the package it downloads the source and creates a binary package. The
> source file idea.c is however not DFSG free because the copyright notice
> forbids distribution in certain countries (and that is apart from the
> patent issue).

There are versions of idea.c for GnuPG which haven't got such
restrictions.  (The patent problem is unrelated and still applies, of
course.)





Re: pgp in Debian: obsolete?

2004-08-07 Thread Ian Beckwith

Thanks to everyone for your comments.

On Thu, Aug 05, 2004 at 06:58:58PM +0100, Dale Amon wrote:
> Keep in mind people may have encrypted files and email
> archived. The means of accessing archive data should
> be considered to be at least as immortal as the data
> itself.

Given this and Rick Moen's comments about the IDEA issue,
I think it's worth keeping pgp in.

I shall attempt to get an updated pgp5i with FTBFS fixes into sarge,
and post-sarge I will package 6.5.8 and get the package renamed
from pgp5i to pgp.

Unfortunately, I'm not yet a DD, so... anyone fancy sponsoring my
uploads? Files are at:

http://nessie.mcc.ac.uk/~ianb/debian/

Ian.

-- 
Ian Beckwith - [EMAIL PROTECTED] - http://nessie.mcc.ac.uk/~ianb/
GPG fingerprint: AF6C C0F1 1E74 424B BCD5  4814 40EC C154 A8BA C1EA
Listening to: Primal Scream - Vanishing Point - Kowalski





Re: pgp in Debian: obsolete?

2004-08-07 Thread Florian Weimer
* Ian Beckwith:

> I shall attempt to get an updated pgp5i with FTBFS fixes into sarge,
> and post-sarge I will package 6.5.8 and get the package renamed
> from pgp5i to pgp.

Both PGP 5 and 6.5 have security issues which haven't been fixed
upstream (because there isn't any upstream anymore).  There are some
pirated versions of 6.5.8 that incorporate fixes, but Debian certainly
shouldn't encourage distribution of them.

In short, better package the IDEA module for GnuPG...





Re: pgp in Debian: obsolete? [gpg idea support]

2004-08-07 Thread Jake Appelbaum
On Thu, 2004-08-05 at 14:13, Rick Moen wrote:
> Just attempting to fill in missing detail:  PGP first used for its
> symmetric cipher Zimmermann's own amateur effort Bass-o-Matic, which
> was quickly dropped and replaced with the IDEA algorithm.  IDEA is
> patent encumbered (and will remain that way for some years, yet).
>
> GnuPG lacks IDEA support.  It was included for a while as an optional
> module, but has been removed from the tarball.  (You can find it and
> retrofit it, if you search a bit.)


> That and the lingering IDEA problem (limiting only compatibility with
> some PGP 2.x users) are all I'm aware of.  PGPi, unlike GnuPG, _does_
> include IDEA code by default.
>

I wrote something about IDEA and gnupg a while ago. It's a quick blurb for
people who wanted to use IDEA but weren't entirely sure how to do it:
http://yak.net/fqa/346.html

It's nothing special, but if you were wondering how, it's not very difficult.
Enjoy.

-- 
Jake Appelbaum [EMAIL PROTECTED]


signature.asc
Description: This is a digitally signed message part


pgp in Debian: obsolete?

2004-08-05 Thread Ian Beckwith
Hello.

I am in the process of taking over maintenance of pgp5i, based on the
international unix version of PGP version 5, pgp50i-unix-src.tar.gz

The previous maintainer suspects that nobody uses the package anymore
so it can be removed from debian, as everyone has switched to gpg.

Is anyone still using pgp5i in debian?

If there is a demand for it, is there any reason I shouldn't upgrade
the package to the latest pgp? (6.5.8 I believe, assuming the
international pgp restrictions no longer apply).

thanks,

Ian.

-- 
Ian Beckwith - [EMAIL PROTECTED] - http://nessie.mcc.ac.uk/~ianb/
GPG fingerprint: AF6C C0F1 1E74 424B BCD5  4814 40EC C154 A8BA C1EA
Listening to: Anne Dudley and Jaz Coleman - Hannah





Re: pgp in Debian: obsolete?

2004-08-05 Thread Dale Amon
On Thu, Aug 05, 2004 at 06:51:22PM +0100, Ian Beckwith wrote:
> If there is a demand for it, is there any reason I shouldn't upgrade
> the package to the latest pgp? (6.5.8 I believe, assuming the
> international pgp restrictions no longer apply).

Keep in mind people may have encrypted files and email
archived. The means of accessing archive data should
be considered to be at least as immortal as the data
itself.

-- 
--
   Dale Amon [EMAIL PROTECTED]+44-7802-188325
   International linux systems consultancy
 Hardware  software system design, security
and networking, systems programming and Admin
  Have Laptop, Will Travel
--





Re: pgp in Debian: obsolete?

2004-08-05 Thread Rick Moen
Quoting Dale Amon ([EMAIL PROTECTED]):

> On Thu, Aug 05, 2004 at 06:51:22PM +0100, Ian Beckwith wrote:
> > If there is a demand for it, is there any reason I shouldn't upgrade
> > the package to the latest pgp? (6.5.8 I believe, assuming the
> > international pgp restrictions no longer apply).
>
> Keep in mind people may have encrypted files and email
> archived. The means of accessing archive data should
> be considered to be at least as immortal as the data
> itself.

Aren't GnuPG's decryption/verification features a superset of those in
PGPi 5.0?  That's not a rhetorical question:  I've been telling people
that for years in a good faith effort at accuracy, and so will
appreciate any corrections.

(I mean no disrespect to Ståle Schumacher Ytteborg or others who gave us
PGPi 5.0, which was extremely useful before GnuPG and the OpenPGP RFCs.)

Speaking from slightly rusty recollection of the issues on Ian's
original question, 6.5.8 is indeed the latest PGPi version for Unix, and 
I can't see any reason in the tarball why upgrading the package wouldn't
be a good thing (but it'd be nice if NAI decided they liked Changelogs).

-- 
Cheers, That scruffy beard... those suspenders... that smug ex-
Rick Moen   pression You're one of those condescending Unix users!
[EMAIL PROTECTED] Here's a nickel, kid.  Get yourself a real computer.  
-- Dilbert





Re: pgp in Debian: obsolete?

2004-08-05 Thread Dale Amon
On Thu, Aug 05, 2004 at 11:40:09AM -0700, Rick Moen wrote:
> > Keep in mind people may have encrypted files and email
> > archived. The means of accessing archive data should
> > be considered to be at least as immortal as the data
> > itself.
>
> Aren't GnuPG's decryption/verification features a superset of those in
> PGPi 5.0?  That's not a rhetorical question:  I've been telling people
> that for years in a good faith effort at accuracy, and so will
> appreciate any corrections.

I don't know for sure either. I do seem to remember 
there was a document explaining how to transition
and that there was a new key generation method. I also
vaguely remember having some problem with my own
package signing keys when the switch was made from
PGP to GPG, but that is 4-5 years ago and I cannot
for the life of me remember the details. I just have
a vague disquiet about it.

I'm certain that somewhere I've got files using the
old keys, and since I'm in Ireland, Murphy will
drop in for tea the day after PGP goes away...

-- 
--
   Dale Amon [EMAIL PROTECTED]+44-7802-188325
   International linux systems consultancy
 Hardware  software system design, security
and networking, systems programming and Admin
  Have Laptop, Will Travel
--





Re: pgp in Debian: obsolete?

2004-08-05 Thread Rick Moen
Quoting Dale Amon ([EMAIL PROTECTED]):

> I don't know for sure either. I do seem to remember there was a
> document explaining how to transition and that there was a new key
> generation method. I also vaguely remember having some problem with my
> own package signing keys when the switch was made from PGP to GPG, but
> that is 4-5 years ago and I cannot for the life of me remember the
> details. I just have a vague disquiet about it.

Just attempting to fill in missing detail:  PGP first used for its
symmetric cipher Zimmermann's own amateur effort Bass-o-Matic, which
was quickly dropped and replaced with the IDEA algorithm.  IDEA is
patent encumbered (and will remain that way for some years, yet).

GnuPG lacks IDEA support.  It was included for a while as an optional
module, but has been removed from the tarball.  (You can find it and
retrofit it, if you search a bit.)

The problems with dodgy RSA support have, as you mentioned, now gone
away:  One can achieve maximum compatibility with various PGP versions
by avoiding mixing RSA and Diffie-Hellman / DSS, as detailed here:
http://www.shub-internet.org/pgp_5_tips.html

That and the lingering IDEA problem (limiting only compatibility with
some PGP 2.x users) are all I'm aware of.  PGPi, unlike GnuPG, _does_
include IDEA code by default.

-- 
Cheers,There are only 10 types of people in this world -- 
Rick Moen  those who understand binary arithmetic and those who don't.
[EMAIL PROTECTED]





Re: GnuPG can not read some pgp signatures

2004-01-07 Thread Adrian 'Dagurashibanipal' von Bidder
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Clinging to sanity, LeVA mumbled in his beard:

> Reason: No appropriate crypto plug-in was found.

Hi,

I guess that your problem is NOT idea, but inline gpg signed msgs (like this
one) versus PGP/MIME signed messages.

There are currently no official gpg-agent and pinentry Debian packages, so
you'll need to either get some unofficial ones (did anybody do any lately?
I think Ralf Nolden's packages are not online anymore), or compile the
software yourself as per [1] (last I tried, I had to disable threading on
some components. But it's been a while, and new releases of most parts are
out, so I don't know what the current status is).

Greetings
- -- vbi

[1] http://kmail.kde.org/kmail-pgpmime-howto.html

- -- 
Protect your privacy - encrypt your email: http://fortytwo.ch/gpg/intro




Re: GnuPG can not read some pgp signatures

2004-01-07 Thread Matthew Sackman
On Wed, Jan 07, 2004 at 08:34:42AM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:
> > Reason: No appropriate crypto plug-in was found.
>
> I guess that your problem is NOT idea, but inline gpg signed msgs (like this
> one) versus PGP/MIME signed messages.

The fact that he is reporting that kmail specifically doesn't like an
attached .asc does not suggest that the problem is with inline
signatures. IMHO, inline signatures should not be used ever as they are
liable to corruption unless the entire message + signature is encoded in
quoted-printable before sending.

Matthew



Re: GnuPG can not read some pgp signatures

2004-01-07 Thread LeVA
On Wednesday 07 January 2004 08:34, Adrian 'Dagurashibanipal' von Bidder wrote:
> Clinging to sanity, LeVA mumbled in his beard:
> > Reason: No appropriate crypto plug-in was found.

> Hi,

> I guess that your problem is NOT idea, but inline gpg signed msgs
> (like this one) versus PGP/MIME signed messages.

Not really. Your message doesn't produce that "No appropriate crypto
plug-in was found." message. For your mail, KMail says this:

Message was signed with unknown key 0xE5A7F7D6.
The validity of the signature cannot be verified.

There are some emails which have an attached *.asc file. For these
mails, KMail says this:

The message is signed, but the validity of the signature can't be 
verified.
Reason: No appropriate crypto plug-in was found.

Any idea?

Daniel



> There are currently no official gpg-agent and pinentry Debian
> packages, so you'll need to either get some unofficial ones (did
> anybody do any lately? I think Ralf Nolden's packages are not online
> anymore), or compile the software yourself as per [1] (last I tried,
> I had to disable threading on some components. But it's been a while,
> and new releases of most parts are out, so I don't know what the
> current status is).

> Greetings
> -- vbi

> [1] http://kmail.kde.org/kmail-pgpmime-howto.html

> --
> Protect your privacy - encrypt your email:
> http://fortytwo.ch/gpg/intro

-- 
LeVA



Re: GnuPG can not read some pgp signatures

2004-01-07 Thread Adeodato Simó
* LeVA [Wed, 07 Jan 2004 11:59:25 +0100]:
> On Wednesday 07 January 2004 08:34, Adrian 'Dagurashibanipal' von
> Bidder wrote:
> > Clinging to sanity, LeVA mumbled in his beard:
> > > Reason: No appropriate crypto plug-in was found.

> > Hi,

> > I guess that your problem is NOT idea, but inline gpg signed msgs
> > (like this one) versus PGP/MIME signed messages.

> Not really. Your message doesn't produce that "No appropriate crypto
> plug-in was found." message. For your mail, KMail says this:

It is that, *indeed*. But the other way round: inline gpg signed msgs do
not cause trouble to KMail, but PGP/MIME ones (like *this* one) do. If
I'm correct, you should just have seen:

> The message is signed, but the validity of the signature can't be
> verified.
> Reason: No appropriate crypto plug-in was found.

> Any idea?

Yep, the KMail PGP/MIME Howto which Adrian already pointed you to:

  [1] http://kmail.kde.org/kmail-pgpmime-howto.html



-- 
Adeodato Simó (a.k.a. thibaut)
EM: asp16 [ykwim] alu.ua.es | IM: my_dato [jabber.org] | PK: DA6AE621
 
When all is summed up, a man never speaks of himself without loss; his
accusations of himself are always believed; his praises never.
-- Michel de Montaigne


signature.asc
Description: Digital signature


Re: GnuPG can not read some pgp signatures

2004-01-07 Thread Zoran Dzelajlija
Adrian 'Dagurashibanipal' von Bidder [EMAIL PROTECTED] wrote:
> There are currently no official gpg-agent and pinentry Debian packages, so
> you'll need to either get some unofficial ones (did anybody do any lately?
> I think Ralf Nolden's packages are not online anymore), or compile the
> software yourself as per [1] (last I tried, I had to disable threading on
> some components. But it's been a while, and new releases of most parts are
> out, so I don't know what the current status is).

FWIW, I have this repository in my sources.list:

# gpgme, pinentry, etc.
deb http://bulma.net/~daneel/debian/ ./

Zoran



Re: [SECURITY] [DSA 411-1] New mpg321 packages fix ... - PGP key? [solved]

2004-01-06 Thread s. keeling
Incoming from ZsoL:
> Hash: SHA1
>
> On Tuesday 06 January 2004 06.37, s. keeling wrote:
> > Incoming from Matt Zimmerman:
> > > Debian Security Advisory DSA 411-1                [EMAIL PROTECTED]
> > > http://www.debian.org/security/                    Matt Zimmerman
> > > January 5th, 2004                http://www.debian.org/security/faq
> >
> > > Package: mpg321
>
> > Were any of you able to verify the PGP signatures on the latest
> > debian-security-announce messages?  I can't:
>
[-- PGP output follows (current time: Mon 05 Jan 2004 10:30:43 PM MST)
  43E25D1E gpg: Can't check signature: public key not found
[-- End of PGP output --]
 
> maybe you have to import [EMAIL PROTECTED]'s public key.

I've tried.  GPA import key fails quietly.  So I used w3m to go to the
URL he supplied:

   (2) keeling /home/keeling/dox_ gpg --verify matt_zimmerman.txt 
   gpg: verify signatures failed: unexpected data
   (2) keeling /home/keeling/dox_ gpg --verify  matt_zimmerman.txt 
   gpg: verify signatures failed: unexpected data

So, I tried wget:

   (0) keeling /home/keeling/dox_ gpg --verify 
lookup\?op\=get\search\=0x440202C3137B1CB4 
   gpg: verify signatures failed: unexpected data
   (2) keeling /home/keeling/dox_ gpg --verify  
lookup\?op\=get\search\=0x440202C3137B1CB4 
   gpg: verify signatures failed: unexpected data

So, I Copied the mail to a file, then:

   (0) keeling /home/keeling/dox_ gpg --verify-files matt_zimmerman.msg 
   gpg: Signature made Mon 05 Jan 2004 07:51:35 PM MST using DSA key ID 43E25D1E
   gpg: Can't check signature: public key not found

Then I tried --import:

   (2) keeling /home/keeling/dox_ gpg --import matt_zimmerman.msg
   gpg: no valid OpenPGP data found.
   gpg: Total number processed: 0

Ah!  Finally:

   (2) keeling /home/keeling/dox_ gpg --recv-keys 43E25D1E   
   gpg: key 43E25D1E: removed multiple subkey binding
   gpg: key 43E25D1E: public key Matt Zimmerman [EMAIL PROTECTED] imported
   gpg: Total number processed: 1
   gpg:   imported: 1

Now why was that so difficult?!?  Every other time just reading mail
from someone grabs their key from the keyserver and checks the signature.


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)   http://www.spots.ab.ca/~keeling 
- -





Re: [SECURITY] [DSA 411-1] New mpg321 packages fix format string vulnerability - PGP key?

2004-01-06 Thread Matt Zimmerman
On Mon, Jan 05, 2004 at 10:37:49PM -0700, s. keeling wrote:

> Incoming from Matt Zimmerman:
> > Debian Security Advisory DSA 411-1 [EMAIL PROTECTED]
> > http://www.debian.org/security/ Matt Zimmerman
> > January 5th, 2004   http://www.debian.org/security/faq
> >
> > Package: mpg321
> > Vulnerability  : format string
> > Problem-Type   : remote
> > Debian-specific: no
> > CVE Ids: CAN-2003-0969
>
> Were any of you able to verify the PGP signatures on the latest
> debian-security-announce messages?  I can't:
>
>   [-- PGP output follows (current time: Mon 05 Jan 2004 10:30:43 PM MST) --]
>   gpg: Signature made Mon 05 Jan 2004 07:51:35 PM MST using DSA key ID 43E25D1E
>   gpg: Can't check signature: public key not found
>   [-- End of PGP output --]

wget -O- http://www.debian.org/security/keys.txt | gpg --import

-- 
 - mdz





GnuPG can not read some pgp signatures

2004-01-06 Thread LeVA
Hello!

I have installed KMail a few days ago, and with it I've installed the
GnuPG program too. But some of the signatures can not be read by gpg.
There are some messages which have a signature.asc attached, but KMail
writes this in the messages window:
The message is signed, but the validity of the signature can't be
verified.
Reason: No appropriate crypto plug-in was found.

And when I save the attached signature, and run cat signature.asc | gpg
--import, I get these messages:
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

But sometimes I get messages which also have a signature file attached,
and it can be verified by KMail, and the signatures can be imported
with gpg. For example these keys:

http://www.debian.org/security/keys.txt

I can import those keys, and KMail can verify these keys, when I'm 
getting emails from those guys.

What could be the problem with the other signature files? If it helps, I 
can send you a signature, which is not working.

Thanks for the help!


Daniel

-- 
LeVA





Re: GnuPG can not read some pgp signatures

2004-01-06 Thread Lukas Ruf
> LeVA [EMAIL PROTECTED] [2004-01-06 18:22]:

> Hello!

> I have installed KMail a few days ago, and with it I've installed the
> GnuPG program too. But some of the signatures can not be read by gpg.
> There are some messages which have a signature.asc attached, but KMail
> writes this in the messages window:
> The message is signed, but the validity of the signature can't be
> verified.
> Reason: No appropriate crypto plug-in was found.

> And when I save the attached signature, and run cat signature.asc | gpg
> --import, I get these messages:
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0


I assume the keys you try to make use of are for PGP 2.x -- thus they
require idea.  As far as I found on the web, the gpg-idea package
somehow vanished.  See my question I posted five minutes ago.

wbr,
Lukas
-- 
Lukas Ruf   | Wanna know anything about raw |
http://www.lpr.ch | IP? - http://www.rawip.org |
eMail Style Guide: http://www.rawip.org/style.html|





Re: GnuPG can not read some pgp signatures

2004-01-06 Thread LeVA
On 6 January 2004 at 18:26, Lukas Ruf wrote:
> I assume the keys you try to make use of are for PGP 2.x -- thus they
> require idea.  As far as I found on the web, the gpg-idea package
> somehow vanished.  See my question I posted five minutes ago.

But there are not any gpg-idea packages anywhere. I mean, isn't there a
hp for that idea plugin? On the www.gnupg.org site, there isn't any
info about this plugin. Where can I download the sources of this idea
plugin?

Daniel



> wbr,
> Lukas
> --
> Lukas Ruf   | Wanna know anything about raw |
> http://www.lpr.ch | IP? - http://www.rawip.org |
> eMail Style Guide: http://www.rawip.org/style.html|

-- 
LeVA





Re: GnuPG can not read some pgp signatures

2004-01-06 Thread J.H.M. Dassen (Ray)
On Tue, Jan 06, 2004 at 19:06:50 +0100, LeVA wrote:
> But there are not any gpg-idea packages anywhere.

IDEA is patent encumbered in much of Europe, including The Netherlands where
non-us.debian.org is hosted and apparently Germany where ftp.gnupg.org is
hosted (AFAIK).

> On the www.gnupg.org site, there isn't any info about this plugin.

ftp://ftp.gnupg.org/gcrypt/contrib/README.idea leads you to 
ftp://ftp.gnupg.dk/pub/contrib-dk/idea.c.gz 
and
ftp://ftp.gnupg.dk/pub/contrib-dk/idea.c.gz.sig

Comments in the .c file explain how to build/use it.

HTH,
Ray
-- 
Text processing doesn't matter.  Fortran.
Larry Wall on common fallacies of language design





Re: GnuPG can not read some pgp signatures

2004-01-06 Thread LeVA
On 6 January 2004 at 19:17, J.H.M. Dassen (Ray) wrote:
> On Tue, Jan 06, 2004 at 19:06:50 +0100, LeVA wrote:
> > But there are not any gpg-idea packages anywhere.

> IDEA is patent encumbered in much of Europe, including The
> Netherlands where non-us.debian.org is hosted and apparently Germany
> where ftp.gnupg.org is hosted (AFAIK).

> > On the www.gnupg.org site, there isn't any info about this plugin.

> ftp://ftp.gnupg.org/gcrypt/contrib/README.idea leads you to
>   ftp://ftp.gnupg.dk/pub/contrib-dk/idea.c.gz

A quote from that .c file:

however we suggest to avoid this algorithm entirely due to 
interoperability problems.

Then it is not about my wrong configuration, or my problem if I can not 
use those signatures, right? This is the other partner's problem, that 
he/she uses an algorithm, which is not international?

Am I right?

Daniel

> and
>   ftp://ftp.gnupg.dk/pub/contrib-dk/idea.c.gz.sig

> Comments in the .c file explain how to build/use it.

> HTH,
> Ray
> --
> Text processing doesn't matter.  Fortran.
>   Larry Wall on common fallacies of language design

-- 
LeVA





Re: GnuPG can not read some pgp signatures

2004-01-06 Thread Rick Moen
Quoting Lukas Ruf ([EMAIL PROTECTED]):

> I assume the keys you try to make use of are for PGP 2.x -- thus they
> require idea.  As far as I found on the web, the gpg-idea package
> somehow vanished.  See my question I posted five minutes ago.

You probably already realise this, but idea.c is still available at 
ftp://ftp.gnupg.dk/pub/contrib-dk/ for anyone who really needs it -- 
though it's been dropped from the upstream tarball.

-- 
Cheers, * Contributing Editor, Linux Gazette *
Rick Moen   -*- See the Linux Gazette in its new home: -*-
[EMAIL PROTECTED]   http://linuxgazette.net/ 





Re: [SECURITY] [DSA 411-1] New mpg321 packages fix format string vulnerability - PGP key?

2004-01-06 Thread ZsoL
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 06 January 2004 06.37, s. keeling wrote:
> Incoming from Matt Zimmerman:
> > Debian Security Advisory DSA 411-1
> > [EMAIL PROTECTED] http://www.debian.org/security/
> > Matt Zimmerman January 5th, 2004
> > http://www.debian.org/security/faq
>
> > Package: mpg321
> > Vulnerability  : format string
> > Problem-Type   : remote
> > Debian-specific: no
> > CVE Ids: CAN-2003-0969

> Were any of you able to verify the PGP signatures on the latest
> debian-security-announce messages?  I can't:

>   [-- PGP output follows (current time: Mon 05 Jan 2004 10:30:43 PM MST) --]
>   gpg: Signature made Mon 05 Jan 2004 07:51:35 PM MST using DSA key ID 43E25D1E
>   gpg: Can't check signature: public key not found
>   [-- End of PGP output --]

> I'm using mutt, and ESC-P usually works checking traditional PGP
> signatures, but not with these three (bind, libnids, mpg321).


> --
> Any technology distinguishable from magic is insufficiently advanced.
> (*)   http://www.spots.ab.ca/~keeling
> - -
maybe you have to import [EMAIL PROTECTED]'s public key.
ZsoL
- -- 
ICQ#: 66782170
PGP key: http://pks.gpg.cz:11371/pks/lookup?op=getsearch=0x440202C3137B1CB4
I love deadlines. I like the whooshing sound they make as they fly by. - 
Douglas Adams
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQE/+lHZRAICwxN7HLQRAmk9AKC9NYqT7GOgOw9ClKkwV+2KskLq3QCfTtcX
TypB/rTlckTUvsO1U/ZYEus=
=G2Rd
-----END PGP SIGNATURE-----
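
A signature block such as the one closing this post names the key that made it without containing that key, which is why the key has to be fetched separately before `gpg --verify` can succeed. As an added example (not code from any poster or from GnuPG), the Python below de-armors the signatures posted on this page by ZsoL and by Daniel Rychlik and reads out the packet type, key ID and algorithms; the function names are this example's own, and only version 3 signature packets, the kind both posts carry, are parsed.

```python
import base64
from datetime import datetime, timezone

# Identifiers from RFC 4880 (only the ones these signatures need).
PUBKEY = {1: "RSA", 16: "Elgamal", 17: "DSA"}
HASH = {1: "MD5", 2: "SHA1", 3: "RIPEMD160"}
TAGS = {2: "signature", 5: "secret key", 6: "public key"}

# Signatures copied from two posts on this page (ZsoL, then Daniel Rychlik),
# with the armor lines written in their full five-dash form.
GNUPG_SIG = """\
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQE/+lHZRAICwxN7HLQRAmk9AKC9NYqT7GOgOw9ClKkwV+2KskLq3QCfTtcX
TypB/rTlckTUvsO1U/ZYEus=
=G2Rd
-----END PGP SIGNATURE-----
"""
PGP2_SIG = """\
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBPU6+Pw8VKKJfCDjBAQGaVgP/XM0mGcQdrBqCBdFhZcp9kv03c3guxRXH
34zVmtbqoSLsK+1sCUCV51nfbzpDzNKZDMEaHZiiLkVbpYdkgbUD5p1ScoXCMoeC
syQF7Ld3wX0m6CgOWECTyrWvsB3m8rOxmUiIyDMVOaTAIv9GMWaE1ulyPrhZgE9a
TM0TxKlgFQk=
=J4EW
-----END PGP SIGNATURE-----
"""


def dearmor(text):
    """Return (armor label, raw bytes) of one ASCII-armored block."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    head = lines[0]
    if not (head.startswith("-----BEGIN PGP ") and head.endswith("-----")):
        raise ValueError("not an ASCII-armored OpenPGP block")
    start = lines.index("") + 1  # armor headers end at the first empty line
    body = [ln for ln in lines[start:] if ln and ln[0] not in "=-"]
    return head[15:-5], base64.b64decode("".join(body))


def packet_header(data):
    """Return (tag, body offset, body length) of the first packet."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:  # new-format header, one- or two-octet length
        n = data[1]
        if n < 192:
            return first & 0x3F, 2, n
        if n < 224:
            return first & 0x3F, 3, ((n - 192) << 8) + data[2] + 192
        raise ValueError("longer new-format lengths are not handled here")
    size = {0: 1, 1: 2, 2: 4}.get(first & 0x03)  # old-format header
    if size is None:
        raise ValueError("indeterminate length is not handled here")
    return (first >> 2) & 0x0F, 1 + size, int.from_bytes(data[1:1 + size], "big")


def describe(armored):
    """Summarise what a verifier needs to know about an armored block."""
    label, data = dearmor(armored)
    tag, off, length = packet_header(data)
    info = {"armor": label, "packet": TAGS.get(tag, f"tag {tag}")}
    if tag != 2:
        return info  # a key or other packet, not something to --verify
    body = data[off:off + length]
    if body[0] != 3 or body[1] != 5:
        raise ValueError("only version 3 signature packets are parsed here")
    # v3 layout: version, 5, sig type, time(4), key ID(8), pubkey algo, hash algo
    created = int.from_bytes(body[3:7], "big")
    key_id = body[7:15].hex().upper()
    info.update(
        version=3,
        key_id=key_id,
        short_id=key_id[-8:],  # the 8-digit form gpg prints as "key ID ..."
        pubkey_algo=PUBKEY.get(body[15], f"algo {body[15]}"),
        hash_algo=HASH.get(body[16], f"algo {body[16]}"),
        created=datetime.fromtimestamp(created, timezone.utc).isoformat(),
    )
    return info


if __name__ == "__main__":
    for name, sig in (("GnuPG 1.2.4", GNUPG_SIG), ("PGP 2.6.3ia", PGP2_SIG)):
        print(name, describe(sig))
```

For ZsoL's signature the key ID comes out as 440202C3137B1CB4, the value in the keyserver URL in that post's footer; a block whose first packet is not a signature is reported by type only.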



Re: [SECURITY] [DSA 411-1] New mpg321 packages fix ... - PGP key? [solved]

2004-01-06 Thread s. keeling
Incoming from ZsoL:
> Hash: SHA1
>
> On Tuesday 06 January 2004 06.37, s. keeling wrote:
> > Incoming from Matt Zimmerman:
> > > Debian Security Advisory DSA 411-1
> > > [EMAIL PROTECTED] http://www.debian.org/security/
> > > Matt Zimmerman January 5th, 2004
> > > http://www.debian.org/security/faq
> >
> > > Package: mpg321
>
> > Were any of you able to verify the PGP signatures on the latest
> > debian-security-announce messages?  I can't:
>
> >   [-- PGP output follows (current time: Mon 05 Jan 2004 10:30:43 PM MST)
> > 43E25D1E gpg: Can't check signature: public key not found
> >   [-- End of PGP output --]
>
> maybe you have to import [EMAIL PROTECTED]'s public key.

I've tried.  GPA import key fails quietly.  So I used w3m to go to the
URL he supplied:

   (2) keeling /home/keeling/dox_ gpg --verify matt_zimmerman.txt 
   gpg: verify signatures failed: unexpected data
   (2) keeling /home/keeling/dox_ gpg --verify  matt_zimmerman.txt 
   gpg: verify signatures failed: unexpected data

So, I tried wget:

   (0) keeling /home/keeling/dox_ gpg --verify 
lookup\?op\=get\search\=0x440202C3137B1CB4 
   gpg: verify signatures failed: unexpected data
   (2) keeling /home/keeling/dox_ gpg --verify  
lookup\?op\=get\search\=0x440202C3137B1CB4 
   gpg: verify signatures failed: unexpected data

So, I Copied the mail to a file, then:

   (0) keeling /home/keeling/dox_ gpg --verify-files matt_zimmerman.msg 
   gpg: Signature made Mon 05 Jan 2004 07:51:35 PM MST using DSA key ID 43E25D1E
   gpg: Can't check signature: public key not found

Then I tried --import:

   (2) keeling /home/keeling/dox_ gpg --import matt_zimmerman.msg
   gpg: no valid OpenPGP data found.
   gpg: Total number processed: 0

Ah!  Finally:

   (2) keeling /home/keeling/dox_ gpg --recv-keys 43E25D1E   
   gpg: key 43E25D1E: removed multiple subkey binding
   gpg: key 43E25D1E: public key Matt Zimmerman [EMAIL PROTECTED] imported
   gpg: Total number processed: 1
   gpg:   imported: 1

Now why was that so difficult?!?  Every other time just reading mail
from someone grabs their key from the keyserver and checks the signature.


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)   http://www.spots.ab.ca/~keeling 
- -



Re: [SECURITY] [DSA 411-1] New mpg321 packages fix format string vulnerability - PGP key?

2004-01-05 Thread s. keeling
Incoming from Matt Zimmerman:
> Debian Security Advisory DSA 411-1 [EMAIL PROTECTED]
> http://www.debian.org/security/ Matt Zimmerman
> January 5th, 2004   http://www.debian.org/security/faq
>
> Package: mpg321
> Vulnerability  : format string
> Problem-Type   : remote
> Debian-specific: no
> CVE Ids: CAN-2003-0969

Were any of you able to verify the PGP signatures on the latest
debian-security-announce messages?  I can't:

  [-- PGP output follows (current time: Mon 05 Jan 2004 10:30:43 PM MST) --]
  gpg: Signature made Mon 05 Jan 2004 07:51:35 PM MST using DSA key ID 43E25D1E
  gpg: Can't check signature: public key not found
  [-- End of PGP output --]

I'm using mutt, and ESC-P usually works checking traditional PGP
signatures, but not with these three (bind, libnids, mpg321).


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)   http://www.spots.ab.ca/~keeling 
- -





Re: Pgp/GPG MiM chosen ciphertext attack

2002-08-15 Thread Anne Carasik
You mean, the social engineering that they were so nice to
point out? *sigh*

No cure for stupid users.

-Anne

This one time, Dale Amon wrote:
> I presume most of you have heard about the paper
> by Jallad, Katz and Schneier?
>
> http://www.counterpane.com/pgp-attack.html

-- 
  .-.__.``.   Anne Carasik, System Administrator
 .-.--. _...' (/)   (/)   ``'   gator at cacr dot caltech dot edu 
(O/ O) \-'  ` -==.',  Center for Advanced Computing Research
~`~~





Re: Pgp/GPG MiM chosen ciphertext attack

2002-08-15 Thread Phillip Hofmeister
It would appear this does not affect 1.06 (see footnote on page 5 of paper).

Good thing I didn't upgrade! :)

On Thu, 15 Aug 2002 at 10:34:28AM -0700, Anne Carasik wrote:
> You mean, the social engineering that they were so nice to
> point out? *sigh*
>
> No cure for stupid users.
>
> -Anne
>
> This one time, Dale Amon wrote:
> > I presume most of you have heard about the paper
> > by Jallad, Katz and Schneier?
> >
> > http://www.counterpane.com/pgp-attack.html
>
> --
>   .-.__.``.   Anne Carasik, System Administrator
>  .-.--. _...' (/)   (/)   ``'   gator at cacr dot caltech dot edu
> (O/ O) \-'  ` -==.',  Center for Advanced Computing Research
> ~`~~



-- 
Phil

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/ | gpg --import




Pgp/GPG MiM chosen ciphertext attack

2002-08-14 Thread Dale Amon
I presume most of you have heard about the paper
by Jallad, Katz and Schneier?

http://www.counterpane.com/pgp-attack.html



KeyServer was Re: PGP

2002-08-08 Thread mlist-debiansecurity

[-snip-]

Speaking of KeyServers is there a .deb for one of 'em around somewhere?


greets Uwe
--
X-Tec GmbH
Institute for Computer and Network Security
WWW : http://www.x-tec.de/




Re: PGP

2002-08-07 Thread Vineet Kumar
* Daniel Rychlik ([EMAIL PROTECTED]) [020802 13:43]:
> Hello,
>
> I have recently setup PGP on my Debian server at home.  I have setup
> Exim for relay of 3 hosts.  I would like to be able to include pgp
> signature signing for the three hosts.  My wife uses Outlook for her
> email and I was wondering if there was a way to automatically sign her
> email messages as they leave the mailbox.  I've read the documentation
> Phillip Zimmerman, but it doesn't really have any info on setting up
> pgp keys for mail clients.  Any information would be great!

I'm not sure exactly what it is you're trying to do, but I think you
should ask yourself what it is you're trying to gain.  If you have the
signatures added automatically, then I presume you also mean that you
are keeping private keys without passphrases.  The signature on those
messages doesn't really tell me that the message comes from your wife,
but rather that it passed through your mail server (if even that).  IMO,
GPG is something that should be implemented just at the ends of an
end-to-end communication path.  That is to say that I sign a message
when I compose it, before I send it.  It doesn't get signed somewhere in
the middle.  Similarly, I don't ask my tools to automatically decrypt
messages I receive; I do that only when I view them.

I'm not sure if there are any add-on packages for outlook (there were
last time I checked, but they may have since been orphaned), but it
sounds to me like your idea of adding it on at the server adds little
real security.

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
http://www.anti-dmca.org/   




Re: PGP

2002-08-06 Thread Mathias Palm
On Fri, Aug 02, 2002 at 03:52:34PM -0500, Daniel Rychlik wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Hello,
>
> I have recently setup PGP on my Debian server at home.  I have setup Exim for
> relay of 3 hosts.  I would like to be able to include pgp signature signing
> for the three hosts.  My wife uses Outlook for her email and I was wondering
> if there was a way to automatically sign her email messages as they leave the
> mailbox.  I've read the documentation Phillip Zimmerman, but it doesn't really
> have any info on setting up pgp keys for mail clients.  Any information would
> be great!

Sorry when telling you something you already know. There is a tool called kuvert
which seems to offer just what you want. 

Mathias

 
> Daniel J. Rychlik
> http://daniel.rychlik.ws
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3ia
> Charset: noconv
>
> iQCVAwUBPUrwdQ8VKKJfCDjBAQH2tAP9HpxPoEtitgy/Sz7BtBbDnj4244CAVWhE
> DxXa0jlTJHDC5WnMmJ1da0OANHxTHA0XQeXFOB3S/5tmvvOJr56/An+/gN2lReZS
> MbkMhgHhTjEP+pbRNLQZN6MQ13H7SaSuEWhww8TaPwuhzdXqZmzKsc4kpjoh5ybM
> Au9Xidoems4=
> =DFXM
> -----END PGP SIGNATURE-----



PGP

2002-08-05 Thread Daniel Rychlik
-----BEGIN PGP SIGNED MESSAGE-----

Dear Sirs,

In pgp, how do I upload my public key to a key server?  I've read the
documentation on it and I cannot seem to find a way to do it.

Thanks
Daniel J. Rychlik
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBPU6+Pw8VKKJfCDjBAQGaVgP/XM0mGcQdrBqCBdFhZcp9kv03c3guxRXH
34zVmtbqoSLsK+1sCUCV51nfbzpDzNKZDMEaHZiiLkVbpYdkgbUD5p1ScoXCMoeC
syQF7Ld3wX0m6CgOWECTyrWvsB3m8rOxmUiIyDMVOaTAIv9GMWaE1ulyPrhZgE9a
TM0TxKlgFQk=
=J4EW
-----END PGP SIGNATURE-----



Re: PGP

2002-08-05 Thread Noah L. Meyerhans
On Mon, Aug 05, 2002 at 01:06:03PM -0500, Daniel Rychlik wrote:
> In pgp, how do I upload my public key to a key server?  I've read the
> documentation on it and I cannot seem to find a way to do it.

   --send-keys [names]
          Same as --export but sends the keys to a keyserver.
          Option --keyserver must be used to give the name of
          this keyserver. Don't send your complete keyring to
          a keyserver - select only those keys which are new
          or changed by you.

...wasn't clear enough for you?

noah

-- 
 ___
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 




Re: PGP

2002-08-05 Thread Florian Weimer
Noah L. Meyerhans [EMAIL PROTECTED] writes:

> On Mon, Aug 05, 2002 at 01:06:03PM -0500, Daniel Rychlik wrote:
> > In pgp, how do I upload my public key to a key server?  I've read the
> > documentation on it and I cannot seem to find a way to do it.

>    --send-keys [names]
>           Same as --export but sends the keys to a keyserver.
>           Option --keyserver must be used to give the name of
>           this keyserver. Don't send your complete keyring to
>           a keyserver - select only those keys which are new
>           or changed by you.

> ...wasn't clear enough for you?

He's using PGP, look at his signature.

-- 
Florian Weimer[EMAIL PROTECTED]
University of Stuttgart   http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT  fax +49-711-685-5898



Re: PGP

2002-08-05 Thread Daniel Rychlik
must have missed that one.



Re: PGP

2002-08-05 Thread Noah L. Meyerhans
On Mon, Aug 05, 2002 at 01:19:45PM -0500, Daniel Rychlik wrote:
> must have missed that one.

I am sorry for giving an RTFM-style answer.  I didn't think anybody was
still using PGP.  Is there a specific reason you need it instead of gpg?

pgp can't upload to keyservers on its own.  Take a look at
http://www.keyserver.net/en/ for a web interface to adding keys to the
keyserver network.

noah

-- 
 ___
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 




Re: PGP

2002-08-03 Thread Mathias Palm
On Fri, Aug 02, 2002 at 03:52:34PM -0500, Daniel Rychlik wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Hello,
>
> I have recently setup PGP on my Debian server at home.
> I have setup Exim for relay of 3 hosts.  I would like to be able to
> include pgp signature signing for the three hosts.  My wife uses
> Outlook for her email and I was wondering if there was a way to
> automatically sign her email messages as they leave the mailbox.
> I've read the documentation Phillip Zimmerman, but it doesn't really
> have any info on setting up pgp keys for mail clients.  Any
> information would be great!

The place to look is the exim manual. I guess the system-wide message
filtering would make something like this possible. 

You should also contact the debian-user mailing list or even find an
exim related mailing list.

Mathias 


 
> Daniel J. Rychlik
> http://daniel.rychlik.ws
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3ia
> Charset: noconv
>
> iQCVAwUBPUrwdQ8VKKJfCDjBAQH2tAP9HpxPoEtitgy/Sz7BtBbDnj4244CAVWhE
> DxXa0jlTJHDC5WnMmJ1da0OANHxTHA0XQeXFOB3S/5tmvvOJr56/An+/gN2lReZS
> MbkMhgHhTjEP+pbRNLQZN6MQ13H7SaSuEWhww8TaPwuhzdXqZmzKsc4kpjoh5ybM
> Au9Xidoems4=
> =DFXM
> -----END PGP SIGNATURE-----


