status of the debian openpgp keyring
play

Status of the Debian OpenPGP keyring Jonathan McDowell, Gunnar - PowerPoint PPT Presentation

Jul 17, 2023 •205 likes •492 views

Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Status of the Debian OpenPGP keyring Jonathan McDowell, Gunnar Wolf What do we do Daniel Kahn Gillmor Jonathan McDowell Gunnar Wolf Escaping algorithmic fragility: So far

  1. Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Status of the Debian OpenPGP keyring Jonathan McDowell, Gunnar Wolf What do we do Daniel Kahn Gillmor Jonathan McDowell Gunnar Wolf Escaping algorithmic fragility: So far Debian Project Better key handling practices DebConf 14 • Portland, Oregon

  2. Contenidos Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, 1 What do we do Jonathan McDowell, Gunnar Wolf What do we do 2 Escaping algorithmic fragility: So far Escaping algorithmic fragility: So far Better key 3 Better key handling practices handling practices

  3. We mantain your keyrings Status of the Debian OpenPGP keyring Maybe the naming is suboptimal. . . Daniel Kahn Gillmor, Jonathan McDowell, debian-keyring-gpg 1003 keys Gunnar Wolf debian-maintainers-gpg 221 keys What do we do Escaping debian-nonupload-gpg 10 keys algorithmic fragility: So far debian-role-keys-gpg 9 keys (unused) Better key handling emeritus-keyring-pgp 237 keys (unused) practices removed-keys-gpg 750 keys (unused)

  4. We mantain your keyrings Status of the Debian OpenPGP keyring Maybe the naming is suboptimal. . . Daniel Kahn Gillmor, Jonathan McDowell, debian-keyring-gpg 1003 keys Gunnar Wolf debian-maintainers-gpg 221 keys What do we do Escaping debian-nonupload-gpg 10 keys algorithmic fragility: So far debian-role-keys-gpg 9 keys (unused) Better key handling emeritus-keyring-pgp 237 keys (unused) practices removed-keys-gpg 750 keys (unused)

  5. Active Debian keys Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices Figura: Evolution of the number of active keys, by type (inactive keys omitted)

  6. Contenidos Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, 1 What do we do Jonathan McDowell, Gunnar Wolf What do we do 2 Escaping algorithmic fragility: So far Escaping algorithmic fragility: So far Better key 3 Better key handling practices handling practices

  7. Getting rid of PGPv3 Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, PGPv3: Weak keys (key fingerprint weakness, short Gunnar Wolf keylength. . . ) What do we do 2005: 261 PGPv3 keys, 903 GPG keys Escaping algorithmic September 2010: zero PGPv3 keys fragility: So far Better key handling practices

  8. Getting rid of PGPv3 Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices Figura: Number of keys in the DD keyring, by type

  9. Forcefully removal Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Evolution of PGPv3 key migration was good Gunnar Wolf Some people just didn’t act on time What do we do In the end: Forcefully removed Escaping algorithmic 17 active keys removed fragility: So far Better key handling practices

  10. But. . . What’s wrong with 1024D? Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices

  11. But. . . What’s wrong with 1024D? Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices

  12. But. . . What’s wrong with 1024D? Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices

  13. The situation WRT 1024D (1/6) Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices Figura: Number of Nonuploading DD keys, by key length — Absolute

  14. The situation WRT 1024D (2/6) Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices Figura: Number of Nonuploading DD keys, by key length — Absolute

  15. The situation WRT 1024D (3/6) Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices Figura: Number of Maintainer keys, by key length — Absolute

  16. The situation WRT 1024D (4/6) Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices Figura: Number of Maintainer keys, by key length — Absolute

  17. The situation WRT 1024D (5/6) Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices Figura: Number of DD keys, by key length — Absolute

  18. The situation WRT 1024D (6/6) Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices Figura: Number of DD keys, by key length — Absolute

  19. Warning Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Until this point, we have stated facts. Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices

  20. Warning Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Until this point, we have stated facts. Jonathan McDowell, Gunnar Wolf What do we do Escaping algorithmic From this point on, it’s all a proposal for fragility: So far Better key discussion. handling practices

  21. The way out. . . ? Status of the Debian OpenPGP Some ideas we put on the table keyring Daniel Kahn Gillmor, Jonathan Set a hard-cutoff date McDowell, Gunnar Wolf Say, Time.now() + 6.months ? Or rather, the last day of this year? What do we do Whatever: +- that timeframe Escaping algorithmic fragility: So far But. . . What about key migration difficulties? Better key People socially disconnected from Debian handling practices People geographically disconnected Consideration to special cases But aren’t we all somehow. . . Special ?

  22. The way out. . . ? Status of the Debian OpenPGP Some ideas we put on the table keyring Daniel Kahn Gillmor, Jonathan Set a hard-cutoff date McDowell, Gunnar Wolf Say, Time.now() + 6.months ? Or rather, the last day of this year? What do we do Whatever: +- that timeframe Escaping algorithmic fragility: So far But. . . What about key migration difficulties? Better key People socially disconnected from Debian handling practices People geographically disconnected Consideration to special cases But aren’t we all somehow. . . Special ?

  23. What about signing based on. . . Status of the Debian OpenPGP keyring Migration documents? Daniel Kahn Gillmor, Non-personal contact? Jonathan McDowell, Gunnar Wolf Personal identification: Unenforceable, but widely What do we do expected Escaping algorithmic fragility: So far Better key handling practices

  24. What about signing based on. . . Status of the Debian OpenPGP keyring Migration documents? Daniel Kahn Gillmor, Non-personal contact? Jonathan McDowell, Gunnar Wolf Personal identification: Unenforceable, but widely What do we do expected (And mostly honored) Escaping algorithmic fragility: So far Better key Where should we encode this expectation? (i.e. DMUP handling practices and friends?)

  25. Contenidos Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, 1 What do we do Jonathan McDowell, Gunnar Wolf What do we do 2 Escaping algorithmic fragility: So far Escaping algorithmic fragility: So far Better key 3 Better key handling practices handling practices

  26. Key handling practices should improve Status of the Debian OpenPGP keyring Many people don’t handle their keys carefully Daniel Kahn Gillmor, enough Jonathan McDowell, Separating master keyring from key du jour Gunnar Wolf Key expiration What do we do Revocation certificates Escaping algorithmic Proper offline storage for master private key fragility: So far material Better key handling . . . practices Cannot have technical solutions for social issues. . .

  27. Expiration: Technical solution for a technical issue Status of the Debian OpenPGP keyring Daniel Kahn Could we require keys to have a set expiration date? Gillmor, Jonathan McDowell, Say, requiring 3 years expiration (+maintaining the Gunnar Wolf key updated, of course) What do we do Demonstrable key update activity (HKPS) Escaping Set a timeframe for expiring keys to be enforced algorithmic fragility: So far Periodic service where we inform you your expiration Better key handling is soon. . . practices

  28. Questions? Status of the Debian OpenPGP keyring Daniel Kahn Gillmor, Jonathan McDowell, Questions? Gunnar Wolf What do we do Escaping algorithmic fragility: So far Better key handling practices keyring-maint@debian.org

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Automated Testing of Debian Packages Status Update Lucas Nussbaum lucas@debian.org Lucas

Automated Testing of Debian Packages Status Update Lucas Nussbaum lucas@debian.org Lucas

Introduction Tests Building packages more efficiently Piuparts State of the archive collab-qa Conclusion Automated Testing of Debian Packages Status Update Lucas Nussbaum lucas@debian.org Lucas Nussbaum Automated Testing of Debian

622 views • 34 slides
OpenPGP? mailing lists? OpenPGP on mailing lists? let's fix that! manual all subscribers have

OpenPGP? mailing lists? OpenPGP on mailing lists? let's fix that! manual all subscribers have

OpenPGP? mailing lists? OpenPGP on mailing lists? let's fix that! manual all subscribers have all subscribers and all public keys doesn't scale list key scales works proxy re-encryption secure e-mail list service

472 views • 28 slides
Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20

Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20

Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20 000 source packages ~13 architectures 3 kernels The biggest database of FLOSS code (?) The Debile Project January, 19th 2014 Sylvestre Ledru

571 views • 25 slides
The long road to aka Debian Edu in Debian Lenny main Holger Levsen, February 24 th 2008

The long road to aka Debian Edu in Debian Lenny main Holger Levsen, February 24 th 2008

The long road to aka Debian Edu in Debian Lenny main Holger Levsen, February 24 th 2008 Outline Some bits about me Project goals, design & features Debian and Debian Edu Development model and tools Debian Edu Etch

582 views • 36 slides
Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to

Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to

Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to Debian CI autopkgtest created back in 2006 (!) 2014: Debian CI launches Goal: provide automated testing for the Debian archive (i.e. run

816 views • 68 slides
Custom Debian distributions and Debian derivatives Aigars Mahinovs Debconf 5 Debian Day

Custom Debian distributions and Debian derivatives Aigars Mahinovs Debconf 5 Debian Day

Custom Debian distributions and Debian derivatives Aigars Mahinovs Debconf 5 Debian Day Definitions Distribution a set of OS kernel and supporting software in a defined format with the possibility of some integration by adjusting

134 views • 12 slides
Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell <msp@debian.org> Introduction

Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell <msp@debian.org> Introduction

Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell <msp@debian.org> Introduction Introduction The Debian KDE Extras Team maintain a portfolio of extra application packages for Debian GNU/Linux outside the KDE core applications

554 views • 18 slides
debian-community.org Holger Levsen June 23 rd 2007 Outline some bits about me & my

debian-community.org Holger Levsen June 23 rd 2007 Outline some bits about me & my

debian-community.org Holger Levsen June 23 rd 2007 Outline some bits about me & my inspiriation for this basic ideas: email, planets, t-shirts more goals, i18n simple code of conduct debian endorsement status, timeline

572 views • 31 slides
Distribui c oes Personalizadas Debian Otavio Salvador Enrico Zini otavio@debian.org,

Distribui c oes Personalizadas Debian Otavio Salvador Enrico Zini otavio@debian.org,

Conte udo Como criar um Distribui c ao Personalizada Debian Debian-BR-CDD Distribui c oes Personalizadas Debian Otavio Salvador Enrico Zini otavio@debian.org, enrico@debian.org Congreso Internacional de Software Livre - 2 Edi

532 views • 25 slides
Running an SME on Debian or Managing Debian across the whole fleet Apollon Oikonomopoulos

Running an SME on Debian or Managing Debian across the whole fleet Apollon Oikonomopoulos

apoikos@debian.org Running an SME on Debian or Managing Debian across the whole fleet Apollon Oikonomopoulos DebConf16 - Cape Town 2016-07-04 Outline Introduction Installation Configuration management Package management People 2/26

697 views • 27 slides
Cooperation and Social Status in Free and Open Source Projects Gaudenz Steinlin

Cooperation and Social Status in Free and Open Source Projects Gaudenz Steinlin

Cooperation and Social Status in Free and Open Source Projects Gaudenz Steinlin gaudenz@debian.org DebConf 9, Caceres, Spain Introduction About my masters thesis in sociology Based on empirical process data gathered from the Debian

365 views • 36 slides
Debian Derivatives P r e s e n t a t i o n / B o F D e b C o n f 1 6 , C

Debian Derivatives P r e s e n t a t i o n / B o F D e b C o n f 1 6 , C

Debian Derivatives P r e s e n t a t i o n / B o F D e b C o n f 1 6 , C a p e T o w n Debian Derivatives Hctor Orn Martnez <hector.oron@collabora.co.uk> <zumbi@debian.org> Works for Collabora

511 views • 15 slides
Secret Debian Internals Enrico Zini enrico@debian.org 25 February 2007 Enrico Zini

Secret Debian Internals Enrico Zini enrico@debian.org 25 February 2007 Enrico Zini

Secret Debian Internals Enrico Zini enrico@debian.org 25 February 2007 Enrico Zini enrico@debian.org Secret Debian Internals BTS Where to find it Source code: bzr branch http://bugs.debian.org/debbugs-source/mainline/ Data on merkel at

370 views • 16 slides
cran2deb: A fully automated CRAN to Debian package generation system UseR! 2009 Presentation

cran2deb: A fully automated CRAN to Debian package generation system UseR! 2009 Presentation

Why How Status Open Issues cran2deb: A fully automated CRAN to Debian package generation system UseR! 2009 Presentation Charles Blundell 1 Dirk Eddelbuettel 2 1 Gatsby Computational Neuroscience Unit University College London, UK 2 Debian and

487 views • 15 slides
Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years

Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years

Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years after Debian 7, codename wheezy (2013-05-04) Release Date: 2015-04-25 [party!] 75 supported languages 4.841 new source packages

587 views • 19 slides
systemd in Debian - a status update Michael Biebl July 5, 2016 introduction polish and QA

systemd in Debian - a status update Michael Biebl July 5, 2016 introduction polish and QA

systemd in Debian - a status update Michael Biebl July 5, 2016 introduction polish and QA trimming the base OS getting rid of legacy cruft polish and QA stable updates 4 stable point releases in jessie bug fixes and

550 views • 13 slides
FY 2018 Housing Counseling Training Grant Application Audio is available only by conference call.

FY 2018 Housing Counseling Training Grant Application Audio is available only by conference call.

FY 2018 Housing Counseling Training Grant Application Audio is available only by conference call. Please call: (866) 233-3852 Participant Access Code: 451939 August 9, 2018 1 OFFICE OF HOUSING COUNSELING Webinar Logistics Audio is being

1.15k views • 88 slides
Integrating Drawing Tablet and Video Capturing/Sharing to Facilitate Student Learning ACM Global

Integrating Drawing Tablet and Video Capturing/Sharing to Facilitate Student Learning ACM Global

Integrating Drawing Tablet and Video Capturing/Sharing to Facilitate Student Learning ACM Global Computing Education CompEd19 / May 18 / Chengdu, China Chen-Wei Wang York University, Toronto, Canada Challenges of Undergraduate Teaching 1.

643 views • 24 slides
Taxes and Financing Decisions Jonathan Lewellen & Katharina Lewellen Overview Taxes and

Taxes and Financing Decisions Jonathan Lewellen & Katharina Lewellen Overview Taxes and

Taxes and Financing Decisions Jonathan Lewellen & Katharina Lewellen Overview Taxes and corporate decisions What are the tax effects of capital structure choices? How do taxes affect the cost of capital? How do taxes affect payout

1.07k views • 92 slides
Netflix and FreeBSD: Using Open Source to Deliver Streaming Video Jonathan Looney FOSDEM 2019

Netflix and FreeBSD: Using Open Source to Deliver Streaming Video Jonathan Looney FOSDEM 2019

Netflix and FreeBSD: Using Open Source to Deliver Streaming Video Jonathan Looney FOSDEM 2019 Open Connect NETFLIX AND FREEBSD FOSDEM 2019 Open Connect is Netflixs CDN. It is global, efficient, and purpose-built for distributing

498 views • 25 slides
Long Baseline Neutrino Experiments Jonathan Paley, Ph.D. Indiana University Neutrinos and Dark

Long Baseline Neutrino Experiments Jonathan Paley, Ph.D. Indiana University Neutrinos and Dark

Long Baseline Neutrino Experiments Jonathan Paley, Ph.D. Indiana University Neutrinos and Dark Matter 2009 Madison, WI September 2009 Long Baseline Experiments 2 Long Baseline Experiments Present day: precision neutrino oscillation

1.06k views • 81 slides
Tie story begins almost 50 years ago with the invention of domain theory and denotational semantics

Tie story begins almost 50 years ago with the invention of domain theory and denotational semantics

Tie story begins almost 50 years ago with the invention of domain theory and denotational semantics . Main idea: find category in which mixed variance operators have fixed points. Variety of techniques employed today, but the problem of mixed

668 views • 45 slides
Multi-Query Optimization in Wide-Area Streaming Analytics Albert Jonathan, Abhishek Chandra, Jon

Multi-Query Optimization in Wide-Area Streaming Analytics Albert Jonathan, Abhishek Chandra, Jon

Multi-Query Optimization in Wide-Area Streaming Analytics Albert Jonathan, Abhishek Chandra, Jon Weissman University of Minnesota Wide-Area Streaming Analytics Real-time analysis over large continuous data streams generated at the edge

316 views • 19 slides
LR-GLM: High-Dimensional Bayesian Inference Using Low-Rank Data Approximations Brian Trippe ,

LR-GLM: High-Dimensional Bayesian Inference Using Low-Rank Data Approximations Brian Trippe ,

LR-GLM: High-Dimensional Bayesian Inference Using Low-Rank Data Approximations Brian Trippe , Jonathan Huggins, Raj Agrawal, and Tamara Broderick LR-GLM: High-Dimensional Bayesian Inference Using Low-Rank Data Approximations Brian Trippe ,

502 views • 23 slides

More recommend