www-community mailing list archives

From Grant Ingersoll <gsing...@apache.org>
Subject Re: [OpenPGP] Key Transition
Date Wed, 14 Oct 2009 00:11:24 GMT
Another question:

When updating my KEYS file (per
http://www.apache.org/dev/key-transition.html#transition-export), do I
replace my old one with the new "dual" export, or do I append to the KEYS
file?

-Grant

On Aug 19, 2009, at 6:07 AM, Robert Burrell Donkin wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> i plan to prepare a set of instructions for those who have a small key
> and who want to transition to a longer one. most of this should be
> uncontroversial.
>
> there is one area that i think needs some more consideration. i don't
> think that there is a great rush to implement this so - unless anyone
> jumps in with something i've missed - i'll get on with the rest whilst
> this is discussed.
>
> a transition statement is a notice informing the world that the old key
> is being replaced by a new one. it is signed by both the new key and the
> old. for an example, see
> http://www.jroller.com/robertburrelldonkin/entry/openpgp_transition_statement .
>
> providing that the old key has not been compromised, a transition
> statement allows those who trust the old key - and that it hasn't been
> compromised - to re-sign the new key.
>
> for apache, the risk with recommending this mechanism is that it's less
> secure than signing after an F2F meeting - if a key is compromised then
> transition statements could be published and keys signed in error.
> however, without using transition statements, there is a risk that an
> advance in cryptography will conclusively break SHA-1 or DSA before the
> new apache WOT is viable.
>
> if we decide to recommend transition statements then i recommend asking
> committers to broadcast transition statements using an independent
> trusted communication channel which can be monitored by committers. this
> should provide more security than each person using an ad hoc solution.
>
> for example, asking for statements to be committed to subversion would
> mean that an attacker would have to compromise a user's subversion
> credentials as well as their private key. if that change were posted to
> a public mailing list to which that user were subscribed then they would
> be informed that their key had been compromised and could take appropriate
> action.
>
> opinions?
>
> - - robert
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iQIcBAEBCgAGBQJKi87nAAoJEHl6NpRAqILLjqwQALzaot3LVWJwbCzxb2G9ZHbe
> +1luE6cQ4BH8aEz/S8oZDYq0iekvmJESEYzylalis4H4NEMfoIvTKS5Wdthgwspj
> IKxn6zjAgcj25+WFq+0sd8TK5BGoAYR9HOLkQsUEOFp3w693gbm3lE9XbRkFRMc5
> c/T9n4hVnPXGEih5fzaeHhOxGDcnuRGu4ZSs+GfW/F6hncqhTdqKw8kXTWeQ9es/
> 8xNcIkxULUIOHOgjVgEyQBHCX7zDsW7p3kBysHuYNV3BIKEwSOO660LmEUmnOLYR
> PYqFMEMmpEL8BJYZvtz1b9CG/ROtBWmy7GsjiXAvClWvZw93w5O+/qwFZ6LYQgO2
> IRd+T+RknJzr7KdPE/vzrlCpAITNd5SU4ROpUT9hSj2cig7sZWwaPlC+W4fr+1eA
> fk+PKPANEyBP2SnnNzmm9gOUCLahigHZVNR+8TBJVImAptQqvfpchrcwq+ov55vQ
> AL/msg81DxZaj/TR3tjydy1xu61t2coJ1OAN/yn/UyeFxzyujHxdiHtudaCaAXeP
> 7tfCvEvHa9q4DotvfT5aS6+hVQTUy2Hxd9iOHFwim6ewE2DVsvryeYI3PP60g/Vj
> XLoE6vpkJn3TgObQrhnGzF9vKLRBptYFy0HK8BacOaVdP8oQGeX2/02AGJ7mEwTi
> 7WpvJnmgD1ILnQt6ZrJx
> =BVjD
> -----END PGP SIGNATURE-----
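The mechanism Robert describes above, as an added worked example that is not code from this thread, from Apache or from his blog post: two throwaway GnuPG keys stand in for the "old" and "new" key (the real old key in the discussion would be a small DSA key; the RSA sizes, names and e-mail addresses here are assumptions), a transition statement naming both fingerprints is clearsigned with both keys, the script checks that gpg reports a valid signature from each expected key and that a tampered copy verifies with neither, and it finishes by producing the "dual" old+new armored export that Grant's question is about. Every file lives under a temporary GNUPGHOME that is deleted on exit; it needs only gpg (GnuPG 2.x).

```shell
#!/bin/sh
# Added example for this thread, not the list's, Apache's or Robert's code.
# Key sizes, names, addresses and file names are assumptions for the demo.
set -eu

export GNUPGHOME="$(mktemp -d)"          # ephemeral keyring, removed on exit
chmod 700 "$GNUPGHOME"
WORK="$GNUPGHOME/work"
mkdir -p "$WORK"
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT

# gen_key NAME EMAIL: unattended key generation with no passphrase (test keys
# only); prints the new key's fingerprint.
gen_key() {
    gpg --batch --gen-key 2>/dev/null <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Name-Real: $1
Name-Email: $2
Expire-Date: 0
%commit
EOF
    gpg --batch --with-colons --list-keys "$2" 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# write_statement OLD_FPR NEW_FPR FILE: the plaintext notice that the old key
# is being replaced by the new one.
write_statement() {
    cat > "$3" <<EOF
OpenPGP key transition statement

I am replacing my old key with a new one. Please sign the new key if you
trusted the old one and have no reason to believe it was compromised.

old key: $1
new key: $2
EOF
}

# sign_statement OLD_FPR NEW_FPR IN OUT: one clearsigned file carrying a
# signature from each key (-u may be given more than once).
sign_statement() {
    gpg --batch --yes --digest-algo SHA512 -u "$1" -u "$2" \
        --clearsign -o "$4" "$3" 2>/dev/null
}

# count_valid_sigs FILE: number of signatures gpg reports as VALIDSIG.
count_valid_sigs() {
    gpg --batch --status-fd 1 --verify "$1" 2>/dev/null \
        | grep -c '^\[GNUPG:\] VALIDSIG ' || true
}

# signed_by_both FILE OLD_FPR NEW_FPR: succeeds only if a valid signature from
# each expected key is present. The last field of a VALIDSIG line is the
# primary key fingerprint, so this also holds if a signing subkey were used.
signed_by_both() {
    sigs=$(gpg --batch --status-fd 1 --verify "$1" 2>/dev/null \
        | awk '$2 == "VALIDSIG" { print $NF }')
    echo "$sigs" | grep -qx "$2" && echo "$sigs" | grep -qx "$3"
}

# dual_export OLD_FPR NEW_FPR: the armored export of both keys together, the
# form a KEYS file entry would carry after a transition.
dual_export() {
    gpg --batch --armor --export "$1" "$2" 2>/dev/null
}

demo() {
    OLD=$(gen_key "Old Test Key" "old@example.invalid")
    NEW=$(gen_key "New Test Key" "new@example.invalid")
    write_statement "$OLD" "$NEW" "$WORK/transition.txt"
    sign_statement "$OLD" "$NEW" "$WORK/transition.txt" "$WORK/transition.txt.asc"

    # A modified copy: one changed word in the signed text invalidates both
    # signatures at once.
    sed 's/replacing/retiring/' "$WORK/transition.txt.asc" > "$WORK/tampered.txt.asc"

    echo "valid signatures on statement: $(count_valid_sigs "$WORK/transition.txt.asc")"
    signed_by_both "$WORK/transition.txt.asc" "$OLD" "$NEW" \
        && echo "statement is signed by both $OLD and $NEW"
    echo "valid signatures on tampered copy: $(count_valid_sigs "$WORK/tampered.txt.asc")"
    dual_export "$OLD" "$NEW" > "$WORK/KEYS.new"
    echo "dual export written to $WORK/KEYS.new"
}

if command -v gpg >/dev/null 2>&1; then
    demo
else
    echo "gpg not installed; skipping demo" >&2
fi
```

A verifier that only counts signatures would accept a statement signed twice by an attacker's keys; signed_by_both is the check that matters, since it ties each signature to the fingerprint of the key it is supposed to come from. The second, independent channel Robert proposes (committing the statement to subversion and watching the commit list) is outside what a script on one machine can show.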



---------------------------------------------------------------------
To unsubscribe, e-mail: community-unsubscribe@apache.org
For additional commands, e-mail: community-help@apache.org

