Re: [Debconf-discuss] DebConf17: Last call for keys for keysigning in Montreal, Canada

2017-07-21 Thread Anibal Monsalve Salazar
On Fri, Jul 21, 2017 at 2:07 PM, Anibal Monsalve Salazar wrote:
> DebConf17: Last call for keys for keysigning in Montreal, Canada
>
> As part of the 18th Debian Conference in Montreal, Canada there will
> be OpenPGP (pgp/gpg) keysignings. If you intend to participate in
> the DebConf17 keysignings, please send your ascii armored public key
> as explained at [0] no later than 23:59 UTC/GMT/Zulu on Sunday 23
> July 2017, this coming Sunday.
>
> More (and up-to-date) information is available at [0], so keep
> watching it.
>
> If you sent your key and it's not listed at [1] please resend it.
>
> Currently, I have 77 keys listed at [1]:
>
>    1 nistp521
>    2 rsa2048
>   73 rsa4096
>    1 rsa8192
>
> If you don't have an ed25519 key and would like to create your own
> ECC key (not the ones recommended by NIST, which may have NSA
> backdoors [2]), please read the information by NIIBE Yutaka at [3].
>
> [0] http://people.debian.org/~anibal/ksp-dc17/ksp-dc17.html
> [1] https://people.debian.org/~anibal/ksp-dc16/names.html

s/dc16/dc17/

[1] https://people.debian.org/~anibal/ksp-dc17/names.html

Thank you to the people who noticed the typo.

> [2] https://en.wikipedia.org/wiki/Elliptic_curve_cryptography#Applications
> [3] http://www.gniibe.org/memo/software/gpg/keygen-25519.html
>
> If you have questions please send them to the mailing list at
> debconf-discuss@lists.debconf.org.  If you don't want to post to the
> mailing list, send your questions to ani...@debian.org,
> d...@debian.org and gw...@debian.org.
___
Debconf-discuss mailing list
Debconf-discuss@lists.debconf.org
http://lists.debconf.org/mailman/listinfo/debconf-discuss


[Debconf-discuss] Mobile SIMs for Montreal

2017-07-21 Thread Chris Boot
Hi all,

I'll be a DebConf newbie in Montreal, and very much looking forward to it!

I've been told that in previous years there was either a sponsorship
deal or people banded together to obtain SIM cards for foreign DebConf
delegates. Is there likely to be something similar this year?

If not, I'd like some recommendations from the locals for a SIM card
that I can use while I'm there for the two weeks of DebConf + DebCamp.
I'm looking for something with ~500MB of data to tide me over, any calls
or text messages would be a bonus but not required.

Thanks! See you all in Montreal!

Chris

-- 
Chris Boot
bo...@debian.org
GPG: 8467 53CB 1921 3142 C56D  C918 F5C8 3C05 D9CE 





Re: [Debconf-discuss] DebConf17: Last call for keys for keysigning in Montreal, Canada

2017-07-21 Thread Dererk
On 21/07/17 01:07, Anibal Monsalve Salazar wrote:
> DebConf17: Last call for keys for keysigning in Montreal, Canada
>
> If you don't have an ed25519 key and would like to create your own
> ECC key (not the ones recommended by NIST, which may have NSA
> backdoors [2]), please read the information by NIIBE Yutaka at [3].

Hi Anibal!

It seems to me that I should have sent this into the proper Debian list
and not debconf-discuss@, but since you kindly mentioned the subject, I
fired it up in here! 8)

Is any ECC crypto set allowed by FTP-Master/Debian Keyring Maintainers
these days? I understand it has not been accepted as part of the
gnupg/openpgp standards.

A quick dive into the Debian Keyring seems to show that not one key has
been uploaded/accepted yet:

dererk  erebus[~]$  gpg --no-default-keyring \
    --keyring /usr/share/keyrings/debian-keyring.gpg --list-sigs \
    | grep ^pub | awk '{print $2}' | sort | uniq -c
      1 dsa3072
      1 rsa10240
     29 rsa2048
      4 rsa3072
      1 rsa3744
      1 rsa3936
    808 rsa4096
      1 rsa5120
      6 rsa8192

I still use my 4Krsa key for lots of stuff, and even though I'm not
dpk^W a person that truly understands the underlying math that supports
it, I just particularly find ECC to be extremely practical when dealing
with smaller cryptographic challenges/computing power required, and also
smaller public keys and still get served beef :D

Thanks for always pushing this stuff year after year!




Cheers,

Dererk
-- 
She liked him; he was a man of many qualities, even if most of them were
bad.


Re: [Debconf-discuss] DebConf17: Last call for keys for keysigning in Montreal, Canada

2017-07-21 Thread Anibal Monsalve Salazar
On Fri, Jul 21, 2017 at 11:11 PM, Dererk  wrote:
> On 21/07/17 01:07, Anibal Monsalve Salazar wrote:
>> DebConf17: Last call for keys for keysigning in Montreal, Canada
>>
>> If you don't have an ed25519 key and would like to create your own
>> ECC key (not the ones recommended by NIST, which may have NSA
>> backdoors [2]), please read the information by NIIBE Yutaka at [3].
>
> Hi Anibal!
>
> It seems to me that I should have sent this into the proper Debian list
> and not debconf-discuss@, but since you kindly mentioned the subject, I
> fired it up in here! 8)
>
> Is any ECC crypto set allowed by FTP-Master/Debian Keyring Maintainers
> these days?

Not yet.

> I understand it has not been accepted as part of the
> gnupg/openpgp standards.

Maybe someone from the keyring team will tell us about their plans WRT ECC keys.

Or ask Gunnar during his talk about the Debian keyrings.

> A quick dive into the Debian Keyring seems to show that not one key has
> been uploaded/accepted yet:
>
> dererk  erebus[~]$  gpg --no-default-keyring \
>     --keyring /usr/share/keyrings/debian-keyring.gpg --list-sigs \
>     | grep ^pub | awk '{print $2}' | sort | uniq -c
>       1 dsa3072
>       1 rsa10240
>      29 rsa2048
>       4 rsa3072
>       1 rsa3744
>       1 rsa3936
>     808 rsa4096
>       1 rsa5120
>       6 rsa8192
>
> I still use my 4Krsa key for lots of stuff, and even though I'm not
> dpk^W a person that truly understands the underlying math that supports
> it, I just particularly find ECC to be extremely practical when dealing
> with smaller cryptographic challenges/computing power required, and also
> smaller public keys and still get served beef :D
>
> Thanks for always pushing this stuff year after year!
>
> Cheers,
>
> Dererk


Re: [Debconf-discuss] DebConf17: Last call for keys for keysigning in Montreal, Canada

2017-07-21 Thread Clint Adams
On Fri, Jul 21, 2017 at 10:11:50AM -0300, Dererk wrote:
> Is any ECC crypto set allowed by FTP-Master/Debian Keyring Maintainers
> these days? I understand it has not been accepted as part of the
> gnupg/openpgp standards.

ECC for OpenPGP is in RFC 6637.  EdDSA is in draft, though, as I read
it, GnuPG's Curve25519 implementation is in violation of RFC 4880bis.


Re: [Debconf-discuss] DebConf17: Last call for keys for keysigning in Montreal, Canada

2017-07-21 Thread Jonathan McDowell
On Fri, Jul 21, 2017 at 10:11:50AM -0300, Dererk wrote:
> On 21/07/17 01:07, Anibal Monsalve Salazar wrote:
> > DebConf17: Last call for keys for keysigning in Montreal, Canada
> >
> > If you don't have an ed25519 key and would like to create your own
> > ECC key (not the ones recommended by NIST, which may have NSA
> > backdoors [2]), please read the information by NIIBE Yutaka at [3].
> 
> Hi Anibal!
> 
> It seems to me that I should have sent this into the proper Debian list
> and not debconf-discuss@, but since you kindly mentioned the subject, I
> fired it up in here! 8)
> 
> Is any ECC crypto set allowed by FTP-Master/Debian Keyring Maintainers
> these days? I understand it has not been accepted as part of the
> gnupg/openpgp standards.
> 
> A quick dive into the Debian Keyring seems to show that not one key has
> been uploaded/accepted yet:

There are ECC subkeys present on the Debian keyring, but there is no
guarantee that any of the Debian infrastructure will support them at
present and there are no current plans for keyring-maint to access
primary ECC keys due to this.

Now that stretch has released including GnuPG 2.1 we now have a stable
release that can actually support ECC keys, but it will take a while
before this has been rolled out to all the users of the keyring within
the Debian infrastructure.

J.

-- 
/-\ |  I'm from the government. I'm here
|@/  Debian GNU/Linux Developer |to help you.
\-  |



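The pipeline quoted in this thread filters on `^pub`, so it tallies primary keys only and cannot show the ECC subkeys mentioned in the reply above. The following is an added example, not part of any message in the thread: it tallies primary keys and subkeys separately from GnuPG's machine-readable `--with-colons` listing. The function names and the sample listing are constructed for illustration; field positions (3 = key length, 4 = algorithm id, 17 = curve name) are assumed to follow GnuPG's doc/DETAILS.

```shell
#!/bin/sh
# Added example: count key algorithms per record type (pub/sub) from
# `gpg --with-colons` output read on stdin.
tally_key_algos() {
    awk -F: '
        BEGIN {
            # OpenPGP public-key algorithm ids -> gpg-style short names
            a[1] = "rsa"; a[2] = "rsa"; a[3] = "rsa"
            a[16] = "elg"; a[17] = "dsa"
            a[18] = "ecdh"; a[19] = "ecdsa"; a[22] = "eddsa"
        }
        $1 == "pub" || $1 == "sub" {
            # ECC keys carry a curve name in field 17; others use algo+bits
            if ($17 != "") name = $17
            else name = (($4 in a) ? a[$4] : "algo" $4) $3
            count[$1 " " name]++
        }
        END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

# Constructed sample listing (fake key ids and user id), standing in for:
#   gpg --no-default-keyring \
#       --keyring /usr/share/keyrings/debian-keyring.gpg \
#       --with-colons --list-keys
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:0000000000000001:1400000000:::-:::scESC::::::
uid:-::::1400000000::::Constructed User One <one@example.org>:
sub:-:4096:1:0000000000000002:1400000000::::::e::::::
sub:-:256:22:0000000000000003:1490000000::::::s:::::ed25519:
pub:-:4096:1:0000000000000004:1410000000:::-:::scESC::::::
sub:-:256:18:0000000000000005:1490000000::::::e:::::cv25519:
pub:-:2048:1:0000000000000006:1300000000:::-:::scESC::::::
EOF
}

# Primary keys are all RSA here, yet two ECC subkeys are present.
sample_listing | tally_key_algos
```
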

Re: [Debconf-discuss] DebConf17: Last call for keys for keysigning in Montreal, Canada

2017-07-21 Thread Henrique de Moraes Holschuh
On Fri, 21 Jul 2017, Clint Adams wrote:
> On Fri, Jul 21, 2017 at 10:11:50AM -0300, Dererk wrote:
> > Is any ECC crypto set allowed by FTP-Master/Debian Keyring Maintainers
> > these days? I understand it has not been accepted as part of the
> > gnupg/openpgp standards.
> 
> ECC for OpenPGP is in RFC 6637.  EdDSA is in draft, though, as I read
> it, GnuPG's Curve25519 implementation is in violation of RFC 4880bis.

Hmm, not only that, but gnupg's non-NIST ECC key sizes are a bit on the
smaller size right now (about as safe as RSA-2k or RSA-3k, I believe?).

Since this is gnupg 2+ territory only anyway, might as well have a large
RSA *master* key (8192+ bits -- this security margin against
implementation issues such as CVE-2017-7526, which leaks a truckload of
private key bits, enough to completely expose RSA-1024 private keys),
and EdDSA subkeys that get rotated yearly...

There is at least one major annoyance when dealing with low-longevity
keys, though: signatures in VCS repositories, etc.  For git, you can
simply re-sign the tags and document that this will happen appropriately
*well in advance*, but signed commits will pester people about expired
keys forever (no ways around this one, it is a desired design decision,
it would have to be dealt with in the UI).

-- 
  Henrique Holschuh


Re: [Debconf-discuss] Mobile SIMs for Montreal

2017-07-21 Thread Paul Wise
On Fri, Jul 21, 2017 at 9:29 PM, Chris Boot wrote:

> If not, I'd like some recommendations from the locals for a SIM card
> that I can use while I'm there for the two weeks of DebConf + DebCamp.
> I'm looking for something with ~500MB of data to tide me over, any calls
> or text messages would be a bonus but not required.

The FAQ recommends using roaming for data:

https://wiki.debconf.org/wiki/DebConf17/FAQ#Sim_cards

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


Re: [Debconf-discuss] Mobile SIMs for Montreal

2017-07-21 Thread gregor herrmann
On Sat, 22 Jul 2017 11:34:25 +1000, Paul Wise wrote:

> > If not, I'd like some recommendations from the locals for a SIM card
> > that I can use while I'm there for the two weeks of DebConf + DebCamp.
> > I'm looking for something with ~500MB of data to tide me over, any calls
> > or text messages would be a bonus but not required.
> The FAQ recommends using roaming for data:
> https://wiki.debconf.org/wiki/DebConf17/FAQ#Sim_cards

That advice might misinterpret the situation for some potential
addressees; e.g. I'd pay €1.99 for 100KB, which seems slightly
suboptimal to me.


Cheers,
gregor, who happily lives without mobile internet but believes that
roaming is not a viable solution for average Europeans

-- 
 .''`.  https://info.comodo.priv.at/ - Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Led Zeppelin: You Shook Me

