ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] Deprecating SHA1

2020-10-24 10:42:11
from [Neal H. Walfield] [Permanent Link] 
Hi Phil,

On Fri, 23 Oct 2020 21:23:17 +0200,
Phil Pennock wrote:


On 2020-10-23 at 14:51 +0200, Neal H. Walfield wrote:

  - Does anyone see a safe way to accept SHA1 self-signatures today?
    Or (ouch!), if we want to be safe, do we have to convince ~10% of
    the sophisticated OpenPGP users to re-sign or regenerate their
    keys?


At the start of this year, I reached out individually to maintainers
signing releases of some security critical software and had good luck
getting them to re-sign, by including instructions on how to do so.

I never got around to producing a blog-post, but the messaging worked,
everyone I reached out to followed through and fixed.  It's a small
sample set of about 5, and population biased towards caring about
security.  So while I wouldn't extrapolate to "everyone will do it", I
think with pressure "many people will".


Thanks for the report.  I think your hope is well founded.


The TLDR for folks using the widespread GnuPG software is that GnuPG
defaults to protecting you against a new self-sig, but expert-mode makes
it easy:

    gpg --expert --cert-digest-algo SHA256 --sign-key $YourKeyId


I wasn't aware of this, thanks for pointing it out.  Unfortunately,
for many keys it is not enough.

There are three types of signatures that we should worry about:

  1. User ID (and User Attribute) self signatures
  2. Subkey binding signatures
  3. Primary key binding signatures (a signing-capable subkey's "backsig")

Your suggestion causes gpg to update the User ID self signatures (1).
It is possible to update subkey binding signatures (2) by changing
their expiration time.  I'm not aware of a way using gpg to simply
say: refresh the current subkey binding signature.  As for the backsig
(3), it would make sense to update this when updating the subkey
binding signature (2), however, gpg doesn't currently do this.  See:

  https://dev.gnupg.org/T5110


If services such as keys.openpgp.org started showing big scary red
warnings above keys which lack a sane self-sig, or warning on upload,
we'd get some pressure that way.


Thats a good idea.

:) Neal

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] Deprecating SHA1, Jonathan McDowell
Next by Date:  Re: [openpgp] Deprecating SHA1, brian m. carlson
Previous by Thread:  Re: [openpgp] Deprecating SHA1, Phil Pennock
Next by Thread:  Re: [openpgp] Deprecating SHA1, Phil Pennock
Indexes:  [Date] [Thread] [Top] [All Lists]