Daniel Kahn Gillmor <d...@fifthhorseman.net> writes:

> Thanks for this review, Russ! Can you give a more detailed breakdown of
> these keys? for example, at least algorithm choice and size? (iiuc,
> all PGP-2 keys are RSA keys, but i don't think their sizes are
> constrained).

This is for all keys, not just for the obsolete keys. I suspect the last
two lines are all modern keys.

      2 pub   512R
      1 pub   768R
      7 pub  1024D
     67 pub  1024R
      1 pub  1535R
      1 pub  2047R
     18 pub  2048R
      3 pub  4096R

I'm happy to provide more detailed information but I don't know the flags
to gpg1 very well, so I'm not sure what would produce useful information.

Most of these are not in active use, and I don't object to using this as a
driving force to do a bunch of spring cleaning and tell hierarchy
administrators they need to generate new keys if they want their control
messages to still be honored.

> I don't know enough about how Usenet uses these keys, but I think
> they're only relevant for continued use if they involve decryption.

They are exclusively used to sign and verify control messages using the
pgpverify protocol [1]. Some of these old PGP-2 keys are still in active
use to sign newly-issued control messages because getting sites to update
the keys is hard, and Usenet is very low on resources. Usenet keys are
basically never used for encryption or decryption.

Part of the problem with convincing people to upgrade is that this isn't a
very high-security problem and it's not horribly difficult to correct for
any attacks. It's very unlikely that anyone would spend thousands of
dollars to forge a Usenet control message. I'm dubious that anyone would
even spend $100. (Those 512-bit RSA keys may be even cheaper to
compromise than that at this point, though. I haven't kept up with the
state of the art.)

Still, we should modernize. (I issued a new Big Eight key and am
dual-issuing control messages now with both the old and new key, and plan
to continue dual-issuing control messages until the software to issue
signatures with the old key is no longer supported.)

[1] https://www.eyrie.org/~eagle/usefor/other/pgpverify
    I kept meaning to write an RFC but never got around to it.

-- 
Russ Allbery (r...@debian.org) <https://www.eyrie.org/~eagle/>
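
An added example, not part of the original message or of any Usenet tooling: one way to produce the size-and-algorithm breakdown asked for above from GnuPG's machine-readable `--with-colons` listing, and to list the keys a hierarchy administrator would be asked to replace. The 2048-bit threshold, the use of a 32-hex-digit (MD5) fingerprint to recognise v3 (PGP-2) keys, and the sample listing are assumptions constructed for illustration.

```python
from collections import Counter

# OpenPGP public-key algorithm IDs -> letter used in classic gpg listings.
ALGO_LETTER = {"1": "R", "16": "g", "17": "D"}
MIN_BITS = 2048  # assumed policy threshold; the thread does not set one

# Constructed sample of `gpg --with-colons --fingerprint --list-keys` output.
SAMPLE = """\
pub:-:512:1:AAAAAAAAAAAAAAA1:1995-01-01:::-:constructed hierarchy A::scSC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF:
pub:-:1024:17:AAAAAAAAAAAAAAA2:2001-01-01:::-:constructed hierarchy B::scSC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
sub:-:1024:16:BBBBBBBBBBBBBBB2:2001-01-01::::::e:
pub:-:1024:1:AAAAAAAAAAAAAAA3:1997-01-01:::-:constructed hierarchy C::scSC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210:
pub:-:2048:1:AAAAAAAAAAAAAAA4:2012-01-01:::-:constructed hierarchy D::scSC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
pub:-:4096:1:AAAAAAAAAAAAAAA5:2020-01-01:::-:constructed hierarchy E::scSC:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
"""

def tally(listing):
    """Return (Counter of size+algorithm labels, list of primary-key dicts)."""
    counts, keys, current = Counter(), [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 4:
            label = f[2] + ALGO_LETTER.get(f[3], "?")
            current = {"keyid": f[4], "bits": int(f[2]), "label": label, "v3": False}
            keys.append(current)
            counts[label] += 1
        elif f[0] == "fpr" and current is not None and len(f) > 9:
            # Assumption: a 32-hex-digit (MD5) fingerprint marks a v3 / PGP-2 key.
            current["v3"] = len(f[9]) == 32
            current = None  # ignore subkey fingerprints that may follow
        elif f[0] == "sub":
            current = None
    return counts, keys

def flagged(keys):
    """Key IDs that are below MIN_BITS or in the old v3 format."""
    return [k["keyid"] for k in keys if k["bits"] < MIN_BITS or k["v3"]]

if __name__ == "__main__":
    counts, keys = tally(SAMPLE)
    for label, n in sorted(counts.items(), key=lambda kv: (int(kv[0][:-1]), kv[0])):
        print(f"{n:7d} pub {label:>6}")
    print("needs replacement:", ", ".join(flagged(keys)))
```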