Posted May 20, 2009

There has been much recent discussion/activity regarding the announcement of reduced complexity collision attacks against SHA-1. In particular it has caused a spate of new GPG key announcements from various DDs, and caused worry amongst others that action needs to be taken.

My attitude to this is that yes, people should be considering replacing their existing GPG keys with something stronger using SHA256 or better for signatures (and a keysize of greater than 1024 bits). However this should not be done at the expense of our Web of Trust; I don't believe the situation warrants an instant key rollover. A more sensible approach is new key generation now followed by spending the next 6 months or so getting a decent number of cross signatures for that key before asking for replacement.

So, some guidelines about key replacement to help ensure that newly generated keys are integrated into the WoT and the removal of old keys doesn't cause undue damage:

 * The new key should be signed by at least 2 existing DD keys. More is good.

 * Replacement of the old key with the new one should not cause any other key to no longer be in Debian's Web of Trust nor strongly connected subset.

 * Replacement of the old key with the new one should not cause a significant weakening of Debian's Web of Trust. I don't have exact figures for this at present, but it'll be based on the Betweenness Centrality and mean-minimum-distance calculations most probably.

 * Including a published transition document signed by both keys or a revocation certificate for the old key will be looked upon favourably.

 * The new key should be signed by the old one.

Note these are guidelines, not hard and fast rules. The usual due care and attention should be paid to issuing signatures and cases where developers are unable to maintain as well connected a key easily will be listened to.
Requests for replacement should be done via the normal procedure; a *clear signed* (RT mangles PGP/MIME) request to keyring ( -at -) rt.debian.org with "Debian RT" in the subject, along with something descriptive.

Also I recently sent out mail to all those DDs who currently have both PGPv3 and PGPv4 keys in our keyrings asking if the PGPv3 key could be removed without causing disruption. So far I've had replies to fewer than half of these mails. If you have received one and not yet replied please do so; there are various weaknesses in v3 keys that mean that we should be ceasing our use of them. Equally if you only have a v3 key at present please look at generating a suitably strong v4 key and getting it well integrated into the Web of Trust. I am more concerned with ridding us of PGPv3 keys than SHA-1.

Finally thanks to the alioth admins the bzr tree used for maintaining the keyring is now publicly accessible via:

  bzr branch http://bzr.debian.org/keyring/debian-keyring/

or via the loggerhead web interface at:

  http://bzr.debian.org/loggerhead/keyring/debian-keyring/changes

Note that this tree is only a copy of the master tree and will only be updated at the points when the master tree is promoted to the live keyring - so activity will appear bursty but that doesn't mean it's stalled.

Useful links:

HOWTO prep for migration off SHA-1 in OpenPGP:
  http://www.debian-administration.org/users/dkg/weblog/48

Betweenness Centrality in the Web of Trust:
  http://pestilenz.org/cgi-bin/blosxom.cgi/2004/12/09#wot

A look at the Debian Web of Trust over time:
  http://www.earth.li/~noodles/blog/2009/05/breaking-the-web-of-trust.html

J.

-- 
Most people are descended from apes. Redheads are descended from cats.
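The connectivity guidelines in the post above can be checked on a signature graph before asking for a replacement. The following is an added example, not part of the original post and not the keyring maintainers' tooling: the key names and signatures are constructed, and the overall mean of shortest distances inside the strong set is an assumed reading of "mean-minimum-distance" (Betweenness Centrality is left out).

```python
from collections import deque
def distances(sigs, start, allowed):
    """BFS over signature edges (signer -> signed key), restricted to `allowed`."""
    dist, queue = {start: 0}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in sigs.get(cur, ()):
            if nxt in allowed and nxt not in dist:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    return dist

def strong_set(sigs, keys):
    """Return (largest strongly connected set, mean shortest distance within it)."""
    dist = {k: distances(sigs, k, keys) for k in keys}
    best = set()
    for k in keys:
        scc = {o for o in dist[k] if k in dist[o]}  # mutually reachable keys
        if len(scc) > len(best):
            best = scc
    pairs = [dist[a][b] for a in best for b in best if a != b]
    return best, (sum(pairs) / len(pairs) if pairs else 0.0)

def check_replacement(sigs, keyring, old, new):
    """Compare the keyring's strong set before and after swapping old for new."""
    before, msd_before = strong_set(sigs, keyring)
    after, msd_after = strong_set(sigs, (keyring - {old}) | {new})
    signers = {s for s in keyring - {old} if new in sigs.get(s, ())}
    return {
        "dd_signatures": len(signers),               # guideline: at least 2
        "signed_by_old": new in sigs.get(old, ()),
        "new_in_strong_set": new in after,
        "orphaned": sorted(before - {old} - after),  # keys that drop out
        "msd_before": round(msd_before, 2),
        "msd_after": round(msd_after, 2),
    }

# Constructed sample data: signer -> keys it has signed.
KEYRING = {"alice", "bob", "carol", "dave", "old"}
SIGS = {"alice": {"bob", "old", "new"}, "bob": {"carol", "alice", "new"},
        "carol": {"alice"}, "old": {"alice", "dave", "new"},
        "dave": {"old"},  # dave is tied to the web only through the old key
        "new": {"alice"}}
# The same graph once dave and the new key have cross-signed.
CROSS_SIGNED = {**SIGS, "dave": {"old", "new"}, "new": {"alice", "dave"}}

if __name__ == "__main__":
    for graph in (SIGS, CROSS_SIGNED):
        print(check_replacement(graph, KEYRING, "old", "new"))
```

In the first graph the new key meets the signature-count guidelines yet the swap still drops dave from the strong set; the cross-signed graph shows the same swap after that gap has been closed.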