From: "Robin H. Johnson"
To: gentoo-project@lists.gentoo.org
Date: Sun, 17 Feb 2019 06:56:14 +0000
Subject: Re: [gentoo-project] [RFC] OpenPGP Authority Keys to provide validity of developer/service keys
In-Reply-To: <1550306421.831.16.camel@gentoo.org>

On Sat, Feb 16, 2019 at 09:40:21AM +0100, Michał Górny wrote:
> Your comments? Anything I've missed?

Overall, strong +1 to the idea.

Some questions/remarks:

0. I will oppose any intentions to tie this proposal to the GLEP76 or other
requirements of disclosing "legal" names. I realize other developers may object
to this, but I don't believe that "legal" names in this context actually gain
us anything of value.

1. Where are non-dev users trying to verify developer keys directly at the
moment? I thought all prior work discouraged that, in favour of verifying
service keys instead. I do see this proposal being of a LOT more use in the
infra-run systems that verify incoming commits/pushes.

2. The uid signatures should NOT be naively exported to keyservers. They
should use the CAFF method of generating a uid signature, writing it to a file,
and sending it as an encrypted message to the uid address. The uid owner is
responsible for decrypt + sending to servers.
This ensures that the email address and key are still tied together.

3. As raised elsewhere on the thread, what delays should be implicit on a new
dev joining vs having their key auto-signed?

4. uid signatures cannot generally exceed the lifetime of a primary key; the
L2 signing service will need to resign regularly. How will this interact with the
CAFF design above?

5. You state that the users should trust the L1 key directly. Can you clarify
your intent here to cover the trust?
The most obvious interpretation to me is trust signature of the L2 key, with
depth=2 domain=gentoo.org [1].

[1] trust signatures domain restrictions are actually regular expressions;
but GnuPG limits the input thereof. Just answering the query:
> Please enter a domain to restrict this signature, or enter for none.
> Your selection? gentoo.org
Actually generates:
> :signature packet: algo 22, keyid THROWAWAY
>     version 4, created 1550385418, md5len 0, sigclass 0x10
>     digest algo 8, begin of digest f0 e4
>     hashed subpkt 33 len 21 (issuer fpr v4 THROWAWAY)
>     hashed subpkt 2 len 4 (sig created 2019-02-17)
>     hashed subpkt 5 len 2 (trust signature of depth 2, value 120)
>     critical hashed subpkt 6 len 24 (regular expression: "<[^>]+[@.]gentoo\x5c.org>$\0")
>     subpkt 16 len 8 (issuer key ID THROWAWAY)
>     data: [255 bits]
>     data: [256 bits]

-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail   : robbat2@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136
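Added example, not part of the message above: a sketch that parses the trust (type 5) and regular-expression (type 6) subpackets shown in the footnote's listing and checks which user IDs the resulting trust signature would cover. The subpacket bytes and user IDs are constructed for illustration, and Python's `re` module is assumed to be a close enough stand-in for the OpenPGP regex dialect for this particular pattern.

```python
import re

# Constructed hashed-subpacket area holding the two subpackets from the listing:
# type 5 (trust: depth 2, amount 120) and critical type 6 (regular expression).
REGEX_BODY = b"<[^>]+[@.]gentoo\\.org>$\x00"          # 24 octets, NUL-terminated
HASHED_AREA = bytes([3, 5, 2, 120]) + bytes([1 + len(REGEX_BODY), 0x80 | 6]) + REGEX_BODY

def parse_subpackets(area):
    """Yield (type, critical, body) for each RFC 4880 signature subpacket."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                                # one-octet length
            length, i = first, i + 1
        elif first < 255:                              # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                          # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("subpacket body runs past the hashed area")
        tag = area[i]                                  # high bit is the critical flag
        yield tag & 0x7F, bool(tag & 0x80), area[i + 1:i + length]
        i += length

def trust_scope(area):
    """Return (depth, amount, compiled regex or None) for a trust signature."""
    depth = amount = pattern = None
    for sp_type, _critical, body in parse_subpackets(area):
        if sp_type == 5 and len(body) == 2:
            depth, amount = body[0], body[1]
        elif sp_type == 6:
            # Assumption: Python's re stands in for the OpenPGP regex dialect.
            pattern = re.compile(body.rstrip(b"\x00").decode("ascii"))
    return depth, amount, pattern

def uid_in_scope(uid, pattern):
    """True when the trust signature's delegation extends to this user ID."""
    return pattern is None or pattern.search(uid) is not None

# Constructed user IDs, not taken from any real key.
SAMPLE_UIDS = [
    "Example Dev <dev@gentoo.org>",
    "Example Service <svc@infra.gentoo.org>",
    "Example Dev <dev@notgentoo.org>",
    "Example Dev <dev@gentoo.org.example.net>",
    "dev@gentoo.org",
]

if __name__ == "__main__":
    depth, amount, pattern = trust_scope(HASHED_AREA)
    print(f"depth={depth} amount={amount} regex={pattern.pattern}")
    for uid in SAMPLE_UIDS:
        print(("in scope    " if uid_in_scope(uid, pattern) else "out of scope"), uid)
```

Because the generated pattern requires the address in angle brackets at the very end of the user ID, a bare `dev@gentoo.org` uid falls outside the delegation even though its domain is correct.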