FAQ: seeking consensus

Michał Górny mgorny at gentoo.org
Fri Oct 18 08:20:30 CEST 2019

On Thu, 2019-10-17 at 15:18 -0400, Robert J. Hansen wrote:
> 1.  How should we handle the SKS keyserver attacks?
> One school of thought says "SKS is tremendously diminished as a
> resource, because using it can wedge older GnuPG installations and we
> can't make people upgrade.  We should recommend people use other methods
> than SKS."  If you think this is correct, please let me know what you
> think the alternate method should be.
> Another says, "with a recent GnuPG release SKS may be used productively
> and we should keep the current advice."
> Is there another solution I'm overlooking?  Please don't think I'm
> limiting the discussion to just those two.  If you've got a third way
> (or a fourth, or a fifth) I'd love to hear them.

I think right now the FAQ has a bit of redundancy with mentioning SKS
all the time.  My suggestion would be to start by deduplicating that. 
Try to make most of it keyserver-agnostic.

Then, possibly in 'Is there any particular keyserver I should use?'
discuss both SKS and keys.openpgp.org.  I suppose comparing them would
be good, and mentioning which GnuPG versions are vulnerable
to poisoning.

That said, given that this is a more generic design problem than
specific SKS vulnerability, it would probably use its own answer
in the FAQ.

> =====
> 2.  What should be done about the FAQ's guidance to use RSA-2048?
> First, I think everyone agrees it should be removed, as it's just not
> accurate any more; we've defaulted to RSA-3072 for some time.
> One option is, "remove it and update the text to refer to RSA-3072, our
> current default."
> Another is, "remove it and update the text to refer to ECC, which will
> be our next default."  (If so: which curve and which lengths do you
> think should be the default?)
> (Again, third, fourth, and fifth ways are welcomed.)

Well, if it's still meant to say 'Why does GnuPG default...', then
obviously it needs to be updated.  Probably it is worthwhile to
explicitly indicate when the default has changed, and why.

Probably the question below it 'Do other high-security...' would also
need to be updated, maybe make it more generic, like what sizes do other
applications use.

> =====
> 3.  What should we advise people about their existing RSA-2048 keys?
> "There's no rush, but migrating them to [whatever our new guidance is]
> at a deliberate pace is advised, since RSA-2048 isn't expected to be
> generally safe past 2030"
> or
> "Your existing RSA-2048 keys are fine, you don't need to take any action"
> (Again, third, fourth, and fifth ways are welcomed.)

The latter.  Let's wait a bit how things emerge.  It would be silly to
have people redo their keys just to have them redo them for ECC again

Best regards,
Michał Górny

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 618 bytes
Desc: This is a digitally signed message part
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20191018/fd10457b/attachment.sig>

More information about the Gnupg-users mailing list