status of the debian openpgp keyring
play

Status of the Debian OpenPGP keyring Jonathan McDowell, Gunnar - PowerPoint PPT Presentation

Jul 17, 2023 •205 likes •492 views

Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Status of the Debian OpenPGP keyring Jonathan McDowell, Gunnar Wolf What do we do Daniel Kahn Gillmor Jonathan McDowell Gunnar Wolf Escaping algorithmic fragility: So far

  1. Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Status of the Debian OpenPGP keyring Jonathan McDowell, Gunnar Wolf What do we do Daniel Kahn Gillmor Jonathan McDowell Gunnar Wolf Escaping algorithmic fragility: So far Debian Project Better key handling practices DebConf 14 • Portland, Oregon

  2. Contenidos Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, 1 What do we do Jonathan McDowell, Gunnar Wolf What do we do 2 Escaping algorithmic fragility: So far Escaping algorithmic fragility: So far Better key 3 Better key handling practices handling practices

  3. We mantain your keyrings Status of the Debian OpenPGP keyring Maybe the naming is suboptimal. . . Daniel Kahn Gillmor, Jonathan McDowell, debian-keyring-gpg 1003 keys Gunnar Wolf debian-maintainers-gpg 221 keys What do we do Escaping debian-nonupload-gpg 10 keys algorithmic fragility: So far debian-role-keys-gpg 9 keys (unused) Better key handling emeritus-keyring-pgp 237 keys (unused) practices removed-keys-gpg 750 keys (unused)

  4. We mantain your keyrings Status of the Debian OpenPGP keyring Maybe the naming is suboptimal. . . Daniel Kahn Gillmor, Jonathan McDowell, debian-keyring-gpg 1003 keys Gunnar Wolf debian-maintainers-gpg 221 keys What do we do Escaping debian-nonupload-gpg 10 keys algorithmic fragility: So far debian-role-keys-gpg 9 keys (unused) Better key handling emeritus-keyring-pgp 237 keys (unused) practices removed-keys-gpg 750 keys (unused)

  5. Active Debian keys Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices Figura: Evolution of the number of active keys, by type (inactive keys omitted)

  6. Contenidos Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, 1 What do we do Jonathan McDowell, Gunnar Wolf What do we do 2 Escaping algorithmic fragility: So far Escaping algorithmic fragility: So far Better key 3 Better key handling practices handling practices

  7. Getting rid of PGPv3 Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, PGPv3: Weak keys (key fingerprint weakness, short Gunnar Wolf keylength. . . ) What do we do 2005: 261 PGPv3 keys, 903 GPG keys Escaping algorithmic September 2010: zero PGPv3 keys fragility: So far Better key handling practices

  8. Getting rid of PGPv3 Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices Figura: Number of keys in the DD keyring, by type

  9. Forcefully removal Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Evolution of PGPv3 key migration was good Gunnar Wolf Some people just didn’t act on time What do we do In the end: Forcefully removed Escaping algorithmic 17 active keys removed fragility: So far Better key handling practices

  10. But. . . What’s wrong with 1024D? Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices

  11. But. . . What’s wrong with 1024D? Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices

  12. But. . . What’s wrong with 1024D? Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices

  13. The situation WRT 1024D (1/6) Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices Figura: Number of Nonuploading DD keys, by key length — Absolute

  14. The situation WRT 1024D (2/6) Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices Figura: Number of Nonuploading DD keys, by key length — Absolute

  15. The situation WRT 1024D (3/6) Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices Figura: Number of Maintainer keys, by key length — Absolute

  16. The situation WRT 1024D (4/6) Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices Figura: Number of Maintainer keys, by key length — Absolute

  17. The situation WRT 1024D (5/6) Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices Figura: Number of DD keys, by key length — Absolute

  18. The situation WRT 1024D (6/6) Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices Figura: Number of DD keys, by key length — Absolute

  19. Warning Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Until this point, we have stated facts. Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices

  20. Warning Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Until this point, we have stated facts. Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic From this point on, it’s all a proposal for fragility: So far Better key discussion. handling practices

  21. The way out. . . ? Status of the Debian OpenPGP Some ideas we put on the table keyring Daniel Kahn Gillmor, Jonathan Set a hard-cutoff date McDowell, Gunnar Wolf Say, Time.now() + 6.months ? Or rather, the last day of this year? What do we do Whatever: +- that timeframe Escaping algorithmic fragility: So far But. . . What about key migration difficulties? Better key People socially disconnected from Debian handling practices People geographically disconnected Consideration to special cases But aren’t we all somehow. . . Special ?

  22. The way out. . . ? Status of the Debian OpenPGP Some ideas we put on the table keyring Daniel Kahn Gillmor, Jonathan Set a hard-cutoff date McDowell, Gunnar Wolf Say, Time.now() + 6.months ? Or rather, the last day of this year? What do we do Whatever: +- that timeframe Escaping algorithmic fragility: So far But. . . What about key migration difficulties? Better key People socially disconnected from Debian handling practices People geographically disconnected Consideration to special cases But aren’t we all somehow. . . Special ?

  23. What about signing based on. . . Status of the Debian OpenPGP keyring Migration documents? Daniel Kahn Gillmor, Non-personal contact? Jonathan McDowell, Gunnar Wolf Personal identification: Unenforceable, but widely What do we do expected Escaping algorithmic fragility: So far Better key handling practices

  24. What about signing based on. . . Status of the Debian OpenPGP keyring Migration documents? Daniel Kahn Gillmor, Non-personal contact? Jonathan McDowell, Gunnar Wolf Personal identification: Unenforceable, but widely What do we do expected (And mostly honored) Escaping algorithmic fragility: So far Better key Where should we encode this expectation? (i.e. DMUP handling practices and friends?)

  25. Contenidos Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, 1 What do we do Jonathan McDowell, Gunnar Wolf What do we do 2 Escaping algorithmic fragility: So far Escaping algorithmic fragility: So far Better key 3 Better key handling practices handling practices

  26. Key handling practices should improve Status of the Debian OpenPGP keyring Many people don’t handle their keys carefully Daniel Kahn Gillmor, enough Jonathan McDowell, Separating master keyring from key du jour Gunnar Wolf Key expiration What do we do Revocation certificates Escaping algorithmic Proper offline storage for master private key fragility: So far material Better key handling . . . practices Cannot have technical solutions for social issues. . .

  27. Expiration: Technical solution for a technical issue Status of the Debian OpenPGP keyring Daniel Kahn Could we require keys to have a set expiration date? Gillmor, Jonathan McDowell, Say, requiring 3 years expiration (+maintaining the Gunnar Wolf key updated, of course) What do we do Demonstrable key update activity (HKPS) Escaping Set a timeframe for expiring keys to be enforced algorithmic fragility: So far Periodic service where we inform you your expiration Better key handling is soon. . . practices

  28. Questions? Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Questions? Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices keyring-maint@debian.org

Recommend

Automated Testing of Debian Packages Status Update Lucas Nussbaum lucas@debian.org Lucas

Automated Testing of Debian Packages Status Update Lucas Nussbaum lucas@debian.org Lucas

Introduction Tests Building packages more efficiently Piuparts State of the archive collab-qa Conclusion Automated Testing of Debian Packages Status Update Lucas Nussbaum lucas@debian.org Lucas Nussbaum Automated Testing of Debian

622 views • 34 slides
OpenPGP? mailing lists? OpenPGP on mailing lists? let's fix that! manual all subscribers have

OpenPGP? mailing lists? OpenPGP on mailing lists? let's fix that! manual all subscribers have

OpenPGP? mailing lists? OpenPGP on mailing lists? let's fix that! manual all subscribers have all subscribers and all public keys doesn't scale list key scales works proxy re-encryption secure e-mail list service

472 views • 28 slides
Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20

Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20

Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20 000 source packages ~13 architectures 3 kernels The biggest database of FLOSS code (?) The Debile Project January, 19th 2014 Sylvestre Ledru

571 views • 25 slides
The long road to aka Debian Edu in Debian Lenny main Holger Levsen, February 24 th 2008

The long road to aka Debian Edu in Debian Lenny main Holger Levsen, February 24 th 2008

The long road to aka Debian Edu in Debian Lenny main Holger Levsen, February 24 th 2008 Outline Some bits about me Project goals, design & features Debian and Debian Edu Development model and tools Debian Edu Etch

582 views • 36 slides
Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to

Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to

Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to Debian CI autopkgtest created back in 2006 (!) 2014: Debian CI launches Goal: provide automated testing for the Debian archive (i.e. run

816 views • 68 slides
Custom Debian distributions and Debian derivatives Aigars Mahinovs Debconf 5 Debian Day

Custom Debian distributions and Debian derivatives Aigars Mahinovs Debconf 5 Debian Day

Custom Debian distributions and Debian derivatives Aigars Mahinovs Debconf 5 Debian Day Definitions Distribution a set of OS kernel and supporting software in a defined format with the possibility of some integration by adjusting

134 views • 12 slides
Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell <msp@debian.org> Introduction

Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell <msp@debian.org> Introduction

Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell <msp@debian.org> Introduction Introduction The Debian KDE Extras Team maintain a portfolio of extra application packages for Debian GNU/Linux outside the KDE core applications

554 views • 18 slides
debian-community.org Holger Levsen June 23 rd 2007 Outline some bits about me & my

debian-community.org Holger Levsen June 23 rd 2007 Outline some bits about me & my

debian-community.org Holger Levsen June 23 rd 2007 Outline some bits about me & my inspiriation for this basic ideas: email, planets, t-shirts more goals, i18n simple code of conduct debian endorsement status, timeline

572 views • 31 slides
Distribui c oes Personalizadas Debian Otavio Salvador Enrico Zini otavio@debian.org,

Distribui c oes Personalizadas Debian Otavio Salvador Enrico Zini otavio@debian.org,

Conte udo Como criar um Distribui c ao Personalizada Debian Debian-BR-CDD Distribui c oes Personalizadas Debian Otavio Salvador Enrico Zini otavio@debian.org, enrico@debian.org Congreso Internacional de Software Livre - 2 Edi

532 views • 25 slides
Running an SME on Debian or Managing Debian across the whole fleet Apollon Oikonomopoulos

Running an SME on Debian or Managing Debian across the whole fleet Apollon Oikonomopoulos

apoikos@debian.org Running an SME on Debian or Managing Debian across the whole fleet Apollon Oikonomopoulos DebConf16 - Cape Town 2016-07-04 Outline Introduction Installation Configuration management Package management People 2/26

697 views • 27 slides
Cooperation and Social Status in Free and Open Source Projects Gaudenz Steinlin

Cooperation and Social Status in Free and Open Source Projects Gaudenz Steinlin

Cooperation and Social Status in Free and Open Source Projects Gaudenz Steinlin gaudenz@debian.org DebConf 9, Caceres, Spain Introduction About my masters thesis in sociology Based on empirical process data gathered from the Debian

365 views • 36 slides
Debian Derivatives P r e s e n t a t i o n / B o F D e b C o n f 1 6 , C

Debian Derivatives P r e s e n t a t i o n / B o F D e b C o n f 1 6 , C

Debian Derivatives P r e s e n t a t i o n / B o F D e b C o n f 1 6 , C a p e T o w n Debian Derivatives Hctor Orn Martnez <hector.oron@collabora.co.uk> <zumbi@debian.org> Works for Collabora

511 views • 15 slides
Secret Debian Internals Enrico Zini enrico@debian.org 25 February 2007 Enrico Zini

Secret Debian Internals Enrico Zini enrico@debian.org 25 February 2007 Enrico Zini

Secret Debian Internals Enrico Zini enrico@debian.org 25 February 2007 Enrico Zini enrico@debian.org Secret Debian Internals BTS Where to find it Source code: bzr branch http://bugs.debian.org/debbugs-source/mainline/ Data on merkel at

370 views • 16 slides
cran2deb: A fully automated CRAN to Debian package generation system UseR! 2009 Presentation

cran2deb: A fully automated CRAN to Debian package generation system UseR! 2009 Presentation

Why How Status Open Issues cran2deb: A fully automated CRAN to Debian package generation system UseR! 2009 Presentation Charles Blundell 1 Dirk Eddelbuettel 2 1 Gatsby Computational Neuroscience Unit University College London, UK 2 Debian and

487 views • 15 slides
Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years

Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years

Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years after Debian 7, codename wheezy (2013-05-04) Release Date: 2015-04-25 [party!] 75 supported languages 4.841 new source packages

587 views • 19 slides
systemd in Debian - a status update Michael Biebl July 5, 2016 introduction polish and QA

systemd in Debian - a status update Michael Biebl July 5, 2016 introduction polish and QA

systemd in Debian - a status update Michael Biebl July 5, 2016 introduction polish and QA trimming the base OS getting rid of legacy cruft polish and QA stable updates 4 stable point releases in jessie bug fixes and

550 views • 13 slides
Experiences made with the DebConf video-team or the making of http://debian-meetings.debian.net

Experiences made with the DebConf video-team or the making of http://debian-meetings.debian.net

Experiences made with the DebConf video-team or the making of http://debian-meetings.debian.net /pub/debian-meetings/ by Holger Levsen Sydney Linux User Group, January 22 nd 2007 Outline whoami project aims and features software

472 views • 19 slides
Debian Data Export A standard for publishing Debian information. Enrico Zini enrico@debian.org

Debian Data Export A standard for publishing Debian information. Enrico Zini enrico@debian.org

Debian Data Export A standard for publishing Debian information. Enrico Zini enrico@debian.org Feb 7, 2009 15 slides Enrico Zini (enrico@debian.org) Fosdem, Brussels, February 7, 2009 - 09:43:46 AM 1/15 Debian Data Export Debian: the data

343 views • 15 slides
Debian Hamradio Blend Iain R. Learmonth < irl@debian.org > Debian Hamradio Maintainers 31st

Debian Hamradio Blend Iain R. Learmonth < irl@debian.org > Debian Hamradio Maintainers 31st

Debian Hamradio Blend Iain R. Learmonth < irl@debian.org > Debian Hamradio Maintainers 31st April 2016 Iain R. Learmonth (Debian Hams) Debian Hamradio Blend 31st April 2016 1 / 13 Pure Blends A collection of tasks (metapackages) Iain

783 views • 13 slides
Format Oracles on OpenPGP F. Maury J.-R. Reinhard O. Levillain H. Gilbert ANSSI, France

Format Oracles on OpenPGP F. Maury J.-R. Reinhard O. Levillain H. Gilbert ANSSI, France

Format Oracles on OpenPGP Format Oracles on OpenPGP F. Maury J.-R. Reinhard O. Levillain H. Gilbert ANSSI, France CT-RSA April 22, 2015 Maury et al. | ANSSI | CT-RSA 2015 1 / 19 Format Oracles on OpenPGP | Introduction Contribution We

1.05k views • 28 slides
Lernstick A Debian derivative for Schools in Switzerland Gaudenz Steinlin gaudenz@debian.org

Lernstick A Debian derivative for Schools in Switzerland Gaudenz Steinlin gaudenz@debian.org

Lernstick A Debian derivative for Schools in Switzerland Gaudenz Steinlin gaudenz@debian.org DebConf 15 22. Aug 2015 k c i t s n r e l Outline Lernstick Overview 1 2 How to help - Improve collaboration with Debian Questions 3 k

551 views • 29 slides
Debian Med A service for scientists in medicine and biomedical research Andreas Tille Debian

Debian Med A service for scientists in medicine and biomedical research Andreas Tille Debian

Debian Med A service for scientists in medicine and biomedical research Andreas Tille Debian Brussels, 02. February 2013 Andreas Tille (Debian) Debian Med Brussels, 02. February 2013 1 / 12 What is Debian Med? practice management system

610 views • 39 slides
Symmetric Encryption via Keyrings and ECC Ronald L. Rivest Institute Professor MIT, Cambridge,

Symmetric Encryption via Keyrings and ECC Ronald L. Rivest Institute Professor MIT, Cambridge,

Symmetric Encryption via Keyrings and ECC Ronald L. Rivest Institute Professor MIT, Cambridge, MA ArcticCrypt 2016-07-18 Outline MotivationSimplifying Crypto Key Updates Keyring (Bag of Words) Model Incremental Key Updates Keyring

1.73k views • 135 slides
Rethinking of the Rethinking of the debian/watch debian/watch With thought experiments about

Rethinking of the Rethinking of the debian/watch debian/watch With thought experiments about

Rethinking of the Rethinking of the debian/watch debian/watch With thought experiments about uscan Kentaro Hayashi DebConf18 in T aiwan 2018-08-03 ClearCode Inc. Digest of this talk Current d/watch fi le is sometimes complicated Update

800 views • 77 slides

More recommend