CLUG meeting 27 June 2002
dld at coyote.com.au
Tue Jun 25 02:10:13 EST 2002
And if there's interest (sounds like there is) I'll bring in a map of the
CLUG web-of-trust and how it links to some interesting keys (Linus, Kernel
Archives, GnuPG, Woz, mutt, SSH, PGP, the distributions). Anyone not on the
attached list who wants to be mapped, let me know your key-id and upload
your latest signatures to the pgp.dtype.org keyserver before Thursday.
Any interest in a discussion on best-practices, secret-key protection,
multiple keys, signing protocols, trust decisions, Keys-At-Work, long-term
signing keys, secure key storage, key escrow, session-key recovery, key
expiration, ... ? I've been thinking of upgrading to a longer key length
(for signature purposes, not daily signing/encrypting).
At the present, the only real (GnuPG) option for longer keys is RSA (DSA
is officially limited to 1024 by some accepted FIPS-or-something Standard).
2048R seems popular among Certificate Authorities and a few Debian
developers, usually signing a shorter 1024 bit key with an expiration time
of a year or two. I've been thinking of going to a lifetime-length
key to gather signatures on, with no expiration date, and then a few-years
length on the daily use key, but, as a suggestion for discussion:
1) How many bits should a lifetime public key be? Which algorithm(s)?
RSA vs. DSA
2) What electronic and physical protection would be enough (I'd hate to have
it compromised by some casual mistake or oversight and ruin ~40 years of
key signatures in a second, and not realize it for another 20 years).
a) Faraday cage, tamper-resistant building (Enemy of the State style).
b) laptop/PDA in a locked safe, no network. Probably on-disk system
encryption or removed case to make trojaning very difficult.
c) system that cold boots from read-only media
d) non-networked system, key owner is sole admin/user
f) networked, a few trusted admins/users (eg. family)
g) networked, trusted admins, known users
h) many users, not one of the administrators, or don't trust all
3) And then, two separate keys, or one key with multiple subkeys (this
didn't quite work for me due to GnuPG implementation issues, can't delete
primary key from working-secret-keyring, and can't sign with a subkey).
4) Expiration time on working-keyring. Again, what level of security (same
as question 2).
Maybe we could have a poll or discussion along these lines.
[ do I really want to manipulate 8192-bit keys on an dedicated 486/25
system, booting from a read-only floppy? Hmm. Might need until Thursday
to generate the key.]
(er, Eyal, I think you need a new key already)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 307 bytes
Desc: not available
Url : http://lists.samba.org/archive/linux/attachments/20020625/ae39d219/attachment.bin
More information about the linux