laying groundwork for an eventual migration away from SHA1 with gpg

David Shaw dshaw at jabberwocky.com
Thu May 7 20:03:59 CEST 2009 

On May 6, 2009, at 1:38 AM, Daniel Kahn Gillmor wrote:

> Hi gpg folks--
>
> In the interest of building a web of trust that is not reliant on  
> SHA-1
> sometime in the future, i've posted some initial suggestions in the  
> form
> of a HOWTO for debian users and developers to my blog:
>
>   http://www.debian-administration.org/users/dkg/weblog/48
>
> The goal of the piece is to outline a few practical steps that
> relatively skilled users can take to lay the groundwork for an
> environment in which we can effectively deprecate SHA1 in the future
> without cutting everyone off from each other.

I think you did a good job on this.  I have one comment, in regards to  
step 5 in your migration plan:

>> 5. (day 0 through day 90) Review the set of public certifications  
>> you've made ("keys you've signed") with your old key. For keys you  
>> believe to still be active (maybe you want to check with the key  
>> owner), issue a new certification with your new key. If you get a  
>> request for new keysignings, use your new key during this period.


This one bothers me a bit.  I would definitely not want to re-sign a  
key without - at a minimum - checking with the key owner.  For all I  
know, he's lost the secret key or doesn't use that key any longer.   
Presumably I did some decent level of checking when I first signed his  
key, and I need to take care if I don't want to violate that original  
check when/if I re-sign.

Personally, when I switched to SHA-256 a few years ago, I didn't re- 
issue any signatures.  If I happen on the same person at a keysigning  
event, I'll re-sign of course, but I didn't seek people out to do it.   
I think it's prudent to move away from SHA-1 (and did), but actually  
going back and re-making old signatures seems excessive to me.

Incidentally, there is a minor technical gotcha in the re-signing  
plans in general.  Neither PGP nor GPG will allow you to re-sign a key  
you've already signed.  You can work around this by deleting the old  
signature first, then re-signing.

GPG also lets you force a re-signing by signing with "--expert", but  
that's not really appropriate for a published plan like yours (as a  
general thing, if you have to use --expert to get a regular job done,  
something is wrong somewhere).

David

More information about the Gnupg-devel mailing list