ietf-openpgp
[Top] [All Lists]

Re: [openpgp] Deprecating SHA1

2020-10-24 20:04:03
On 2020-10-24 at 17:41 +0200, Neal H. Walfield wrote:
I wasn't aware of this, thanks for pointing it out.  Unfortunately,
for many keys it is not enough.

[profanity]

There are three types of signatures that we should worry about:

  1. User ID (and User Attribute) self signatures
  2. Subkey binding signatures
  3. Primary key binding signatures (a signing-capable subkey's "backsig")

Okay, I think the cases I hit didn't have this, or folks took time to
add new subkeys when things expired.  The UID self-sig is the one needed
to let the web-of-trust calculate without SHA1 so is what I cared about.

For myself, even with the oldest key, using expiring subkeys and
refreshing periodically with newer subkeys, everything _except_ the
self-sig had updated automatically by the time I went looking.

I think really we need some nice pgpkey-sanitycheck command-line tool,
from any project, which looks purely at public key information, so
doesn't need to care about internals (private keys, keyboxes, etc).

Such a tool might then report on outdated algorithms used in important
places, while avoiding getting into the political mess of which
algorithm order preferences should be included in a key.

Deprecating X without tools to make it _trivial_ for people to tell if
they're affected by X is going to be frustrating.  In my previous email,
I didn't mention the diagnostics I used to show people that their key
was affected, but it involved `gpg --list-packets` and it was not
pretty.

I held off on "asking others to write software for me" in the previous
post, keeping it to "this exists now".  This time around, I'm throwing
out a "Hey, pgpkey-sanitycheck would be a nice tool to have, folks" and
running away.

-Phil

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp