From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/20110131/002398.html | 117 ++++++++++++++++++++++++++++++++ 1 file changed, 117 insertions(+) create mode 100644 zarb-ml/mageia-dev/20110131/002398.html (limited to 'zarb-ml/mageia-dev/20110131/002398.html') diff --git a/zarb-ml/mageia-dev/20110131/002398.html b/zarb-ml/mageia-dev/20110131/002398.html new file mode 100644 index 000000000..53bc05c7b --- /dev/null +++ b/zarb-ml/mageia-dev/20110131/002398.html @@ -0,0 +1,117 @@ + + + + [Mageia-dev] PGP keys and package signing + + + + + + + + + +

[Mageia-dev] PGP keys and package signing

+ nicolas vigier + boklm at mars-attacks.org +
+ Mon Jan 31 20:12:24 CET 2011 +

+
+ +
On Mon, 31 Jan 2011, Michael Scherer wrote:
+
+> Le lundi 31 janvier 2011 à 18:26 +0100, nicolas vigier a écrit :
+> > On Mon, 31 Jan 2011, Michael Scherer wrote:
+> > 
+> > > We can 1) have a long enough expiration date ( but EOL + 1y seems quite
+> > > enough IMHO )
+> > > 2) push unexpired keys before it is too late if needed ( I routinely
+> > > push my key after extending the expiration date ).
+> > 
+> > Pushing new unexpired keys also means we need to resign all old packages
+> > if we want them to be installable. So that's not something we want to do
+> > too often if it's not needed.
+> 
+> Nope, I didn't say "new unexpired key", but just push the same key, with
+> the expiration date extended. That should be painless IIRC ( at least,
+> it is for me ).
+
+Oh, I misunderstood this as I imagined it was not possible to change
+expiration date on a key as it would be difficult to check if the change
+was done before expiration. But after checking, it is indeed possible,
+and it is even possible to do it after the expiration date.
+
+So we can do it, but we should remember that it does not protect against
+a key compromised after it has expired (as someone stealing the key
+can change the expiration date even after it has expired).
+
+So the only use of expiration date I see is to check that the key was
+updated from keyserver recently. Maybe we can set a short expiration
+time (15 days ?), and have something in cron to update it a few days
+before it expire ?
+
+> > > >  - I don't think using expiration date reduce the damage of a leaked
+> > > >    key. If the key is leaked, we revoke it (or its signature) immediatly
+> > > >    on all key servers, which should be faster than waiting for the key to
+> > > >    expire. And replacing an expired key is not more simple than replacing
+> > > >    a revoked key.
+> > > 
+> > > The problem is not leaking the key, it is about cryptographic attacks
+> > > about older keys.
+> > > 
+> > > If in 10 years, there is some technology that allows people to get our
+> > > private key by bruteforce on the public one, if it is expired, attackers
+> > > will not be able to use it even if they have it. Since the plan is to
+> > > say "every key signed is valid", then we are potentially screwed if a
+> > > old key is compromised offline.
+> > 
+> > If in 10 years there is some technology to get our private key, then
+> > it's still possible to revoke the key at that time. 
+> >
+> > Instead of deciding
+> > now that the key will expire in a few years, I would prefer that we look
+> > at it in a few years to decide if we want to revoke it.
+> 
+> Wouldn't it be too late ?
+
+Considering that it is possible to update expiration date even after it
+has expired, this expiration date doesn't protect against some technology
+that would allow people in the futur to bruteforce the private key.
+
+
+ + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1