public inbox for gentoo-project@lists.gentoo.org
From: Kristian Fiskerstrand <k_f@gentoo.org>
To: gentoo-project@lists.gentoo.org,
	Matthew Thode <prometheanfire@gentoo.org>
Subject: Re: [gentoo-project] [RFC] OpenPGP Authority Keys to provide validity of developer/service keys
Date: Sun, 17 Feb 2019 20:03:46 +0100
Message-ID: <3af68c37-326d-d1a3-c59b-c302e56912e6@gentoo.org>
In-Reply-To: <20190217185416.nbgwm266moyk6j2u@gentoo.org>



On 2/17/19 7:54 PM, Matthew Thode wrote:
> On 19-02-17 09:55:54, Michał Górny wrote:
>> On Sun, 2019-02-17 at 06:56 +0000, Robin H. Johnson wrote:
>>> On Sat, Feb 16, 2019 at 09:40:21AM +0100, Michał Górny wrote:
>>> 2. The uid signatures should NOT be naively exported to keyservers. They
>>> should use the CAFF method of generating a uid signature, writing it to a file,
>>> and sending it as an encrypted message to the uid address. The uid owner is
>>> responsible for decrypt + sending to servers. This ensures that the email
>>> address and key are still tied together.
>> That sounds like an awful requirement of statefulness with requirement of
>> manual manipulation to me, i.e. a can of worms.  Do we really need to
>> assume that Gentoo developers will be adding keys they can't use to
>> LDAP?
>>
> It could also be a bad actor, though that comes with other concerns.
> The CAFF method is the standard way of handling signatures, switching to
> ldap also switches our trust store to be based on ldap, not developer
> keys (anything can be in ldap).

Different threat models: if you assume the malicious actor can edit the
fingerprint in LDAP to begin with, they have access to the email itself,
and we control the email address since only the @gentoo.org UID is signed.

-- 
Kristian Fiskerstrand
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

