Hi, Bart Martens: > On Sun, Feb 23, 2014 at 07:57:43AM +0000, Marco d'Itri wrote: > > gw...@gwolf.org wrote: > > > > >So, what do you suggest? > > Persuade developers that they should sign the new key of people whose > > old key they have already signed, with no need to meet them in person. > > No, because this would reduce the value of the new keys to the weakness of the > 1024 bit keys. > That's somewhat true for now given a sufficiently-motivated attacker, but if *afterwards* some nefarious $CENSORED gets the idea that $DD would be a nice target for hacking their key, they'd be out of luck. They'd also be out of luck if the DD's new key happens to already exist (which the DD who's asked to sign the new key should obviously check).
Thus I would add the new key provisionally; if it doesn't get any new signatures from DDs with non-provisional strong keys during, say, the rest of this year, then delete it from the keyring. This would still be more secure than waiting a year before disabling the old keys, and come 2015 there would be no difference. However, I see another problem. http://keyring.debian.org/replacing_keys.html states that, if Alice wants to get her key X replaced with key Y, >> Alice must get a Debian developer […] to sign a message requesting the >> replacement of key X with key Y on behalf of Alice … which IMHO is an unnecessary burden if Alice's old and new key are valid and sufficiently DD-signed. -- -- Matthias Urlichs
signature.asc
Description: Digital signature
