Subject: [gentoo-project] Gentoo Authority Keys are deployed now for testing!
From: Michał Górny <mgorny@gentoo.org>
To: gentoo-dev-announce <gentoo-dev-announce@lists.gentoo.org>
Cc: gentoo-project <gentoo-project@lists.gentoo.org>
Date: Sat, 13 Apr 2019 21:37:14 +0200

Hi, everyone.

I'd like to announce that the experimental deployment of Gentoo
Authority Keys is now in place. If someone would like to give them
a try, Wiki includes instructions for using them [1].

Authority Keys (as defined in GLEP 79 [2]) provide a simple, uniform way
of verifying OpenPGP keys belonging to Gentoo developers. Long story
short, Infra runs a service that signs developer keys with a single key.
You import, verify and trust the key, and you get @gentoo.org UIDs
of all active Gentoo devs verified as a result.

The primary purpose of developer keys is to provide a better
GnuPG-friendly infrastructure for secure communication with developers.
It can be used to verify signatures made by developers, and to encrypt
mail sent to them. In this regard, it can be used in place of LDAP
(available only to Gentoo devs) or gentoo-keys seed files (which require
manual updates, and use custom file format).

Besides developer key signatures, Authority Keys also provide (manually
managed) signatures for other keys used by Infra. Therefore, they
provide an alternative to manually verifying key fingerprints against
Gentoo website [3].

While technically right now the authenticity of Authority Keys can only
be verified against the website [3], I hope that users will start
signing them upon verifying, effectively making WoT-based verification
possible. Once that happens, we will be able to stop relying on PKI.

Currently, the Authority Keys and signed developer keys are available
only on the experimental Gentoo keyserver (hkps://keys.gentoo.org).
Once both mature a little bit, we should start syncing keys between
Gentoo keyserver and SKS, effectively increasing availability of this
service.

[1]:https://wiki.gentoo.org/wiki/Project:Infrastructure/Authority_Keys
[2]:https://www.gentoo.org/glep/glep-0079.html
[3]:https://www.gentoo.org/downloads/signatures/

-- 
Best regards,
Michał Górny
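
Added example (not part of the original message and not Gentoo's own tooling): a check that reads `gpg --with-colons --check-sigs` output and lists the @gentoo.org UIDs that carry a verified, unexpired, unrevoked certification from the Authority Key. The fingerprint is a placeholder, the key listing is constructed and abridged, and the field positions are those of GnuPG's colon-delimited listing format.

```shell
#!/bin/sh
# Placeholder (assumption): substitute the real Authority Key fingerprint,
# checked by hand against https://www.gentoo.org/downloads/signatures/.
AUTHORITY_FPR="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

authority_certified_uids() {
    # $1 = Authority Key fingerprint; $2 = "now" in epoch seconds (optional)
    awk -F: -v fpr="$1" -v now="${2:-$(date +%s)}" '
        function emit() { if (uid != "" && good && !revoked) print uid
                          uid = ""; good = 0; revoked = 0 }
        $1 == "pub" || $1 == "sub" || $1 == "uid" || $1 == "uat" { emit() }
        # Track only usable @gentoo.org UIDs (field 2 r/e = revoked/expired).
        $1 == "uid" && $2 !~ /^[re]$/ && $10 ~ /@gentoo\.org>$/ { uid = $10 }
        # Field 2 "!" = signature verified; field 13 = issuer fingerprint.
        uid != "" && $2 == "!" && toupper($13) == toupper(fpr) {
            # Conservative: any verified revocation by the authority wins.
            if ($1 == "rev") revoked = 1
            # Field 11 10x-13x = UID certification; field 7 = expiry time.
            else if ($1 == "sig" && $11 ~ /^1[0-3]/ &&
                     ($7 == "" || $7 + 0 > now + 0)) good = 1
        }
        END { emit() }
    '
}

# Constructed, abridged listing: four made-up keys, no real identities.
sample_listing() {
    A=$AUTHORITY_FPR; K=AAAAAAAAAAAAAAAA
    cat <<EOF
pub:-:4096:1:1111111111111111:1500000000:::-:::scESC:
uid:-::::1500000000::H1::Active Dev <active@gentoo.org>:
sig:!::1:$K:1555000000:1900000000:::Authority (constructed):10x::$A:
uid:-::::1500000000::H2::Active Dev <active@example.org>:
sig:!::1:$K:1555000000:1900000000:::Authority (constructed):10x::$A:
pub:-:4096:1:2222222222222222:1500000000:::-:::scESC:
uid:-::::1500000000::H3::Retired Dev <retired@gentoo.org>:
sig:!::1:$K:1555000000:1900000000:::Authority (constructed):10x::$A:
rev:!::1:$K:1556000000::::Authority (constructed):30x::$A:
pub:-:4096:1:3333333333333333:1500000000:::-:::scESC:
uid:-::::1500000000::H4::Other Dev <other@gentoo.org>:
sig:!::1:BBBBBBBBBBBBBBBB:1555000000::::Someone Else:10x::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
pub:-:4096:1:4444444444444444:1400000000:::-:::scESC:
uid:-::::1400000000::H5::Stale Dev <stale@gentoo.org>:
sig:!::1:$K:1400000000:1500000000:::Authority (constructed):10x::$A:
EOF
}

sample_listing | authority_certified_uids "$AUTHORITY_FPR" 1600000000
```

On a real keyring the input would come from `gpg --with-colons --check-sigs`; a GnuPG build that does not emit the issuer fingerprint in field 13 yields no matches, so the check fails closed.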