www-community mailing list archives

From Robert Burrell Donkin <rdon...@apache.org>
Subject [OpenPGP] Key Transition
Date Wed, 19 Aug 2009 10:07:36 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

i plan to prepare a set of instructions for those who have a small key
and who want to transition to a longer one. most of this should be
uncontroversial.

there is one area that i think needs some more consideration. i don't
think that there is a great rush to implement this so - unless anyone
jumps in with something i've missed - i'll get on with the rest whilst
this is discussed.

a transition statement is a notice informing the world that the old key
is being replaced by a new one. it is signed by both the new key and the
old. for an example, see
http://www.jroller.com/robertburrelldonkin/entry/openpgp_transition_statement.

providing that the old key has not been compromised, a transition
statement allows those who trust the old key - and that it hasn't been
compromised - to re-sign the new key.

for apache, the risk with recommending this mechanism is that it's less
secure than signing after a F2F meeting - if a key is compromised then
transition statements could be published and keys signed in error.
however, without using transition statements, there is a risk that an
advance in cryptography will conclusively break SHA-1 or DSA before the
new apache WOT is viable.

if we decide to recommend transition statements then i recommend asking
committers to broadcast transition statements using an independent
trusted communication channel which can be monitored by committers. this
should provide more security than each person using an ad hoc solution.

for example, asking for statements to be committed to subversion would
mean that an attacker would have to compromise a user's subversion
credentials as well as their private key. if that change were posted to
a public mailing list to which that user were subscribed then they would
be informed that their key had been compromised and could take appropriate
action.

opinions?

- - robert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
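The message above describes a transition statement that is signed by both the old and the new key, and that a verifier should only act on if both signatures check out. The script below is an added example, not code from Robert's message or from Apache: it creates two throwaway keys in a temporary keyring, clearsigns a constructed statement with both of them and with the new key alone, and checks each file by looking for a VALIDSIG status line from each expected fingerprint. It assumes GnuPG 2.1 or later (gpg and gpgconf) on the PATH; the addresses, key names and statement text are constructed for the example, and the subversion/mailing-list channel discussed in the message is not modelled here.

```shell
#!/bin/sh
# Added example (not part of the original message): produce and check an
# OpenPGP key-transition statement with GnuPG. Assumes gpg 2.1+ and gpgconf
# on PATH. All keys and addresses below are constructed throwaway test data.
set -e

export GNUPGHOME
GNUPGHOME=$(mktemp -d)                 # private keyring for this run only
chmod 700 "$GNUPGHOME"
trap 'gpgconf --kill all >/dev/null 2>&1 || true; rm -rf "$GNUPGHOME"' EXIT

OLD_MAIL=old@example.invalid           # constructed user ids
NEW_MAIL=new@example.invalid

# Generate a passphrase-less signing-only key and print its fingerprint.
gen_key() {
  gpg --batch --pinentry-mode loopback --passphrase '' \
      --quick-gen-key "Test Key <$1>" ed25519 sign 0 >/dev/null 2>&1
  gpg --batch --with-colons --list-keys "$1" | awk -F: '/^fpr/ { print $10; exit }'
}

# Clearsign $1 into $2 with every key named after the output path. Only mail
# addresses are passed, so the unquoted $uids expansion is safe here.
sign_statement() {
  plain=$1; out=$2; shift 2
  uids=""
  for u in "$@"; do uids="$uids -u $u"; done
  gpg --batch --yes $uids --clearsign -o "$out" "$plain" 2>/dev/null
}

# Accept only if the file carries a valid signature from BOTH fingerprints:
# a statement signed by the new key alone says nothing about the transition.
verify_transition() {
  signed=$1; old_fpr=$2; new_fpr=$3
  status=$(gpg --batch --status-fd 1 --verify "$signed" 2>/dev/null || true)
  printf '%s\n' "$status" | grep -q "^\[GNUPG:\] VALIDSIG $old_fpr " &&
  printf '%s\n' "$status" | grep -q "^\[GNUPG:\] VALIDSIG $new_fpr "
}

OLD_FPR=$(gen_key "$OLD_MAIL")
NEW_FPR=$(gen_key "$NEW_MAIL")

# Constructed statement naming both fingerprints, as a transition notice does.
STATEMENT="$GNUPGHOME/statement.txt"
cat > "$STATEMENT" <<EOF
OpenPGP key transition statement (constructed example)

I am replacing my old key $OLD_FPR
with the new key $NEW_FPR.
Please re-sign the new key only if this statement verifies with both keys.
EOF

BOTH="$GNUPGHOME/statement-both.asc"
NEW_ONLY="$GNUPGHOME/statement-new-only.asc"
sign_statement "$STATEMENT" "$BOTH" "$OLD_MAIL" "$NEW_MAIL"
sign_statement "$STATEMENT" "$NEW_ONLY" "$NEW_MAIL"

if verify_transition "$BOTH" "$OLD_FPR" "$NEW_FPR"; then
  echo "statement signed by old and new key: accepted"
fi
if ! verify_transition "$NEW_ONLY" "$OLD_FPR" "$NEW_FPR"; then
  echo "statement signed by new key only: rejected"
fi
```

The check deliberately matches fingerprints from the VALIDSIG status lines rather than trusting gpg's exit code, because a clearsigned message can carry any number of signatures and the exit code alone does not say which keys produced them. A verifier who already trusts the old key can run the same two greps against a real statement before deciding whether to re-sign the new key.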

