From: "Robin H. Johnson" <robbat2@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] RFC: Gentoo GPG key policies
Date: Wed, 20 Feb 2013 17:05:45 +0000 [thread overview]
Message-ID: <robbat2-20130220T165854-082916533Z@orbis-terrarum.net> (raw)
In-Reply-To: <CAAr7Pr9mWLwUnwZOeoJr9DZ1eM5zyFxBNOf1pm-M4c=Jd4nRng@mail.gmail.com>
On Tue, Feb 19, 2013 at 10:32:13PM -0800, Alec Warner wrote:
> I agree that a smartcard is much better security vs a longer key. I
> don't think attackers targetting Gentoo are going to brute force the
> key. They are going to steal the key, trivially, by exploiting a 0-day
> in a crappy browser, or flash, or java, or whatever. A smartcard is
> the defense against this attack (because the key material is well
> protected, and they need physical access to actually relocate it.)
> Storing it in the TPM would also be cool, except TPMs are crap on
> Linux, *and* most hardware TPMs are crap anyway.
Exactly. The longer key doesn't block this attack, the smartcard does.
The question being asked becomes:
"If the smartcard only supports a shorter key is that an acceptable
tradeoff where a longer key would be used instead?"
I say it's a very acceptable tradeoff, and the require/recommend of the
proposal reflects this.
> > Also, if there is a Well-Funded-Organization attacking Gentoo, there are
> > MUCH more effective ways for them to compromise us. Any perceived gains
> > in that field from requiring DSA2048 and blocking DSA1024 should be
> > examined very closely.
> I would ask the opposite question. What is the perceived difficulty in
> using DSA2048 vs 1024? For the non-smartcard users, the cost is likely
> trivial. Even your perf data shows that signing requests still
> complete in 200ms or less, and that is on old / slow hardware.
This is why I recommended DSA2048, but only required DSA1024.
I don't want something that says
"If you use a smartcard, you can use DSA1024, otherwise you must use
DSA2048"
That's just too confusing.
> djm works for Google, and I chat with him at least once a quarter.
> I've seen some patches go by that we could re-purpose for gpg-agent
> forwarding. For slow machines we could have them sign on a
> faster-trusted machine with a forwarded agent.
Major +1 on gpg-agent forwarding request; the smartcard crowd would love
it too.
--
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail : robbat2@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
next prev parent reply other threads:[~2013-02-20 17:05 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-18 23:27 [gentoo-dev] RFC: Gentoo GPG key policies Robin H. Johnson
2013-02-18 23:41 ` Robin H. Johnson
2013-02-19 3:36 ` Kent Fredric
2013-02-19 4:09 ` Robin H. Johnson
2013-02-19 4:46 ` Brian Dolbec
2013-02-19 7:38 ` Kent Fredric
2013-02-19 15:52 ` Alec Warner
2013-02-19 4:25 ` [gentoo-dev] " Ryan Hill
2013-02-19 6:51 ` [gentoo-dev] " Eray Aslan
2013-02-20 0:34 ` Stefan Behte
2013-02-20 3:12 ` Robin H. Johnson
2013-02-20 6:32 ` Alec Warner
2013-02-20 17:05 ` Robin H. Johnson [this message]
2013-02-20 18:41 ` James Cloos
2013-02-20 19:36 ` Robin H. Johnson
2013-02-20 20:22 ` Andreas K. Huettel
2013-02-20 21:31 ` Robin H. Johnson
2013-02-20 20:38 ` Luis Ressel
2013-02-20 21:37 ` Robin H. Johnson
2013-02-20 21:55 ` Luis Ressel
2013-02-21 9:09 ` Michał Górny
2013-02-21 9:41 ` Markos Chandras
2013-02-26 10:10 ` grozin
2013-02-27 15:12 ` Luis Ressel
2013-02-27 19:04 ` Robin H. Johnson
2013-02-27 20:27 ` Alec Warner
2013-03-14 3:50 ` grozin
2013-03-14 7:19 ` justin
2013-03-14 9:12 ` Robin H. Johnson
2013-03-14 15:26 ` Zac Medico
2013-03-14 16:14 ` Michał Górny
2013-03-14 16:30 ` Zac Medico
2013-03-15 0:58 ` Robin H. Johnson
2013-03-15 1:01 ` Robin H. Johnson
2013-03-15 2:32 ` Michael Mol
2013-03-15 3:18 ` Robin H. Johnson
2013-03-15 3:33 ` Michael Mol
2013-03-15 5:12 ` Robin H. Johnson
2013-03-15 4:44 ` Michał Górny
2013-03-15 5:01 ` Robin H. Johnson
2013-03-22 6:37 ` grozin
2013-03-22 8:36 ` Panagiotis Christopoulos
2013-03-22 8:47 ` grozin
2013-03-22 14:19 ` David Abbott
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=robbat2-20130220T165854-082916533Z@orbis-terrarum.net \
--to=robbat2@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox