laying groundwork for an eventual migration away from SHA1 with gpg
dshaw at jabberwocky.com
Thu May 7 20:03:59 CEST 2009
On May 6, 2009, at 1:38 AM, Daniel Kahn Gillmor wrote:
> Hi gpg folks--
> In the interest of building a web of trust that is not reliant on
> sometime in the future, i've posted some initial suggestions in the
> of a HOWTO for debian users and developers to my blog:
> The goal of the piece is to outline a few practical steps that
> relatively skilled users can take to lay the groundwork for an
> environment in which we can effectively deprecate SHA1 in the future
> without cutting everyone off from each other.
I think you did a good job on this. I have one comment, in regards to
step 5 in your migration plan:
>> 5. (day 0 through day 90) Review the set of public certifications
>> you've made ("keys you've signed") with your old key. For keys you
>> believe to still be active (maybe you want to check with the key
>> owner), issue a new certification with your new key. If you get a
>> request for new keysignings, use your new key during this period.
This one bothers me a bit. I would definitely not want to re-sign a
key without - at a minimum - checking with the key owner. For all I
know, he's lost the secret key or doesn't use that key any longer.
Presumably I did some decent level of checking when I first signed his
key, and I need to take care if I don't want to violate that original
check when/if I re-sign.
Personally, when I switched to SHA-256 a few years ago, I didn't re-
issue any signatures. If I happen on the same person at a keysigning
event, I'll re-sign of course, but I didn't seek people out to do it.
I think it's prudent to move away from SHA-1 (and did), but actually
going back and re-making old signatures seems excessive to me.
Incidentally, there is a minor technical gotcha in the re-signing
plans in general. Neither PGP nor GPG will allow you to re-sign a key
you've already signed. You can work around this by deleting the old
signature first, then re-signing.
GPG also lets you force a re-signing by signing with "--expert", but
that's not really appropriate for a published plan like yours (as a
general thing, if you have to use --expert to get a regular job done,
something is wrong somewhere).
More information about the Gnupg-devel