From: "Michał Górny"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Michał Górny"
Message-ID: <1532894847.7d72d5875be3df130ae3728cf078a8f0434d904b.mgorny@gentoo>
Subject: [gentoo-commits] data/glep:master commit in: /
X-VCS-Repository: data/glep
X-VCS-Files: glep-0063.rst
X-VCS-Directories: /
X-VCS-Committer: mgorny
X-VCS-Committer-Name: Michał Górny
X-VCS-Revision: 7d72d5875be3df130ae3728cf078a8f0434d904b
X-VCS-Branch: master
Date: Sun, 29 Jul 2018 20:51:04 +0000 (UTC)

commit: 7d72d5875be3df130ae3728cf078a8f0434d904b
Author: Michał Górny gentoo org>
AuthorDate: Sun Jul 8 18:33:20 2018 +0000
Commit: Michał Górny gentoo org>
CommitDate: Sun Jul 29 20:07:27 2018 +0000
URL: https://gitweb.gentoo.org/data/glep.git/commit/?id=7d72d587

glep-0063: Extend SHA-2 requirement to self-signatures on subkeys

glep-0063.rst | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/glep-0063.rst b/glep-0063.rst index 84d87d2..ae36d36 100644 --- a/glep-0063.rst +++ b/glep-0063.rst @@ -45,6 +45,9 @@ v2 The ``gpg.conf`` contents have been removed as they were seriously outdated and decreased security over the modern defaults. + The requirement of SHA-2 digest has been extended to apply to self- + signatures made on subkeys. + v1.1 The recommended RSA key size has been changed from 4096 bits to 2048 bits to match the GnuPG recommendations [#GNUPG-FAQ-11-4]_. 
@@ -77,7 +80,7 @@ to commit to Gentoo. Keys that do not conform to those requirements can not be used to commit. 1. SHA-2 series output digest (SHA-1 digests internally permitted), - at least 256-bit. + at least 256-bit. All subkey self-signatures must use this digest. 2. Signing subkey that is different from the primary key, and does not have any other capabilities enabled
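Review bot: In the first hunk (the v2 changelog entry), the added sentence wraps "self-signatures" after the hyphen, leaving "self-" at the end of one line and "signatures made on subkeys." at the start of the next. reStructuredText joins wrapped lines with whitespace, so the rendered text reads "self- signatures". Move the whole word onto the second line. The entry would also be easier to follow if it pointed at the requirement it changes (item 1 of the key requirements list), since "The requirement of SHA-2 digest" is the only reference to it here.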
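Review bot: In the second hunk (requirement 1), "this digest" has no single referent. The item allows any SHA-2 series digest of at least 256 bits and in the same breath permits SHA-1 internally, so the added sentence leaves open whether the SHA-1 exception also applies to subkey self-signatures. Suggest naming the requirement directly, for example "All subkey self-signatures must also use a SHA-2 series digest of at least 256 bits", and stating whether the internal SHA-1 allowance covers them. The item also does not say which signatures the requirement covered before this change, although the changelog describes it as having been "extended"; one clause listing them would keep the rule from reading as subkey-only.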