From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 86388138334 for ; Thu, 2 May 2019 16:40:44 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id ABCA3E0863; Thu, 2 May 2019 16:40:43 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 7F2C2E0863 for ; Thu, 2 May 2019 16:40:43 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id F14D73429DF for ; Thu, 2 May 2019 16:40:41 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 60F6B5E0 for ; Thu, 2 May 2019 16:40:40 +0000 (UTC) From: "Michał Górny" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Michał Górny" Message-ID: <1556775768.6e8b76cf97c599812b443856450fae92d013ec3e.mgorny@gentoo> Subject: [gentoo-commits] data/glep:master commit in: / X-VCS-Repository: data/glep X-VCS-Files: glep-0063.rst X-VCS-Directories: / X-VCS-Committer: mgorny X-VCS-Committer-Name: Michał Górny X-VCS-Revision: 6e8b76cf97c599812b443856450fae92d013ec3e X-VCS-Branch: master Date: Thu, 2 May 2019 16:40:40 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 1c2b6377-faac-4d10-98e9-f5e3310254be X-Archives-Hash: 1184cd3e0921554c3baaf5e28240ce99 commit: 6e8b76cf97c599812b443856450fae92d013ec3e Author: Michał Górny gentoo org> AuthorDate: Sun Feb 24 09:18:13 2019 +0000 Commit: Michał Górny gentoo org> CommitDate: Thu May 2 05:42:48 2019 +0000 URL: https://gitweb.gentoo.org/data/glep.git/commit/?id=6e8b76cf glep-0063: Require encryption subkey, and make primary certify-only Following the recent mailing list discussion indicating that developers are taking GLEP 63 as only source of truth about OpenPGP keys, and can make assumption that if encryption key is not listed there they should not have one. Amend the specification to extend it beyond the previous limited scope of commit signing, and require an encryption key appropriately. This matches the GnuPG defaults. While at it, add a recommendation that the primary key is certify-only. Other usage is implicitly discouraged anyway via requiring subkeys. Originally this recommendation was omitted as I wasn't aware that gpg had a (hidden) option to change usage of existing keys. Closes: https://bugs.gentoo.org/681802 Signed-off-by: Michał Górny gentoo.org> glep-0063.rst | 43 +++++++++++++++++++++++++++++-------------- 1 file changed, 29 insertions(+), 14 deletions(-) diff --git a/glep-0063.rst b/glep-0063.rst index aae7dc5..becbadd 100644 --- a/glep-0063.rst +++ b/glep-0063.rst @@ -7,10 +7,10 @@ Author: Robin H. Johnson , Michał Górny Type: Standards Track Status: Final -Version: 2 +Version: 2.1 Created: 2013-02-18 -Last-Modified: 2018-07-21 -Post-History: 2013-11-10, 2018-07-03, 2018-07-21 +Last-Modified: 2019-05-02 +Post-History: 2013-11-10, 2018-07-03, 2018-07-21, 2019-02-24 Content-Type: text/x-rst --- @@ -28,6 +28,13 @@ OpenPGP key management policies for the Gentoo Linux distribution. Changes ======= +v2.1 + A requirement for an encryption key has been added, in order to extend + the GLEP beyond commit signing and into use of OpenPGP for dev-to-dev + and user-to-dev communications. + + A recommendation for primary key to be certify-only has been added. + v2 The distinct minimal and recommended expirations have been replaced by a single requirement. The rules have been simplified to use @@ -70,22 +77,28 @@ Linux development are sorely needed. This document provides both a set of bare minimum requirements and a set of best practice recommendations for the use of GnuPG (or other OpenPGP providers) by Gentoo Linux developers. It is intended to provide a basis for future improvements such as, e.g., -consistent ebuild or package signing and verifying by end users. +consistent ebuild or package signing and verification by end users, +and providing secure and authenticated communication channel between users +and developers. Specifications for OpenPGP keys =============================== Bare minimum requirements ------------------------- -This section specifies obligatory requirements for all OpenPGP keys used -to commit to Gentoo. Keys that do not conform to those requirements can -not be used to commit. +This section specifies obligatory requirements for all OpenPGP keys that +are used in the context of Gentoo developer actions. All developers +are required to have at least one key conforming to those requirements. +Keys that do not conform to them can not be used to commit. 1. SHA-2 series output digest (SHA-1 digests internally permitted), at least 256-bit. All subkey self-signatures must use this digest. -2. Signing subkey that is different from the primary key, and does not - have any other capabilities enabled. +2. a. Signing subkey that is different from the primary key, and does + not have any other capabilities enabled. + + b. Encryption subkey that is different from the primary key, and does + not have any other capabilities enabled. 3. Primary key and the signing subkey are both of type EITHER: @@ -110,15 +123,17 @@ The developers should follow those practices unless there is a strong technical reason not to (e.g. hardware limitations, necessity of replacing their primary key). -1. Primary key and the signing subkey are both of type RSA, 2048 bits +1. Primary key has only ``certify`` capability enabled. + +2. Primary key and the signing subkey are both of type RSA, 2048 bits (OpenPGP v4 key format or later). -2. Key expiration renewed annually to a fixed day of the year. +3. Key expiration renewed annually to a fixed day of the year. -3. Create a revocation certificate & store it hardcopy offsite securely +4. Create a revocation certificate & store it hardcopy offsite securely (it's about ~300 bytes). -4. Encrypted backup of your secret keys. +5. Encrypted backup of your secret keys. Gentoo LDAP =========== @@ -193,7 +208,7 @@ References Copyright ========= -Copyright (c) 2013-2018 by Robin Hugh Johnson, Andreas K. Hüttel, +Copyright (c) 2013-2019 by Robin Hugh Johnson, Andreas K. Hüttel, Marissa Fischer, Michał Górny. This work is licensed under the Creative Commons Attribution-ShareAlike 3.0