[pkg-gnupg-maint] slides for tomorrow's report

NIIBE Yutaka gniibe at fsij.org
Sun Aug 16 03:36:22 UTC 2015


On 08/16/2015 09:19 AM, Daniel Kahn Gillmor wrote:
> We worked up a short slide deck, which i'm attaching here.  Please let
> me know if you have any comments on it.

I think that this would not be a topic in Debconf15, but there will be
a key algorithm issue someday.  I mean, introducing ECC keys.

It should not have been a major topic because of supported curves;
NIST curves were difficult to recommend.  Now, with GnuPG 2.1.7
(provided libgcrypt master branch is installed), it is possible to use
the primary key of ed25519 and the subkey of cv25519.  This could be
recommended.  When libgcrypt 1.7 is released, it will be ready to
use.

Actually, I caused a problem in Debian keyring maintenance because of
an ECC key of mine, because of a bug in GnuPG.  In Feb 2014, I put a subkey
of ECC with curve secp256k1 (secp256k1 is not supported in released
libgcrypt versions, but only master branch).  The bug was: every time my
key was refreshed, the particular same subkey was added because there
was a bug in GnuPG in comparing key identity.  It resulted in big key
material in the keyring.


To summarize, I agree that the following is an important topic.

    (1) There will be an important transition in Debian for GnuPG.

... and my point is that addressing the following would be good:

    (2) After that, it will be another transition of each developer's
        key (perhaps gradually).

    (3) In my opinion, perhaps, it would be better not to recommend
        use of ECC keys with NIST curves.  We should have some guidance
        for ECC migration/transition.

Note: the primary key of ed25519 with the subkey of cv25519 is too
new.  I don't think any key server supports cv25519 now.
-- 
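
The symptom described in this message (the same subkey attached repeatedly to one primary key) can be checked for in a keyring listing. The following is an added example, not part of the original message and not GnuPG code; it assumes the duplicates appear as repeated `sub` records in `gpg --list-keys --with-colons` output, and the key IDs and user ID in the sample are constructed.

```python
from collections import Counter

# Constructed sample in the `gpg --list-keys --with-colons` format.
# Field 5 is the key ID, field 17 the curve name (empty for non-ECC keys).
SAMPLE = """\
pub:u:256:22:AAAAAAAAAAAAAAAA:1424000000:::u:::scSC:::::ed25519:
uid:u::::1424000000::0000000000000000000000000000000000000000::Constructed User <user@example.org>:
sub:u:256:18:BBBBBBBBBBBBBBBB:1424000000::::::e:::::cv25519:
sub:u:256:19:CCCCCCCCCCCCCCCC:1393000000::::::s:::::secp256k1:
sub:u:256:19:CCCCCCCCCCCCCCCC:1393000000::::::s:::::secp256k1:
sub:u:256:19:CCCCCCCCCCCCCCCC:1393000000::::::s:::::secp256k1:
pub:u:4096:1:DDDDDDDDDDDDDDDD:1300000000:::u:::scESC::::::
sub:u:4096:1:EEEEEEEEEEEEEEEE:1300000000::::::e::::::
"""


def duplicate_subkeys(colon_listing):
    """Return {primary_keyid: {subkey_id: (count, curve)}} for repeated subkeys."""
    report = {}
    primary = None
    counts = Counter()
    curves = {}

    def flush():
        # Record subkeys seen more than once under the current primary key.
        dups = {k: (n, curves[k]) for k, n in counts.items() if n > 1}
        if primary and dups:
            report[primary] = dups

    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 4:
            flush()
            primary, counts, curves = f[4], Counter(), {}
        elif f[0] == "sub" and len(f) > 4 and primary:
            counts[f[4]] += 1
            curves[f[4]] = f[16] if len(f) > 16 else ""
    flush()
    return report


if __name__ == "__main__":
    for pub, dups in duplicate_subkeys(SAMPLE).items():
        for sub, (n, curve) in dups.items():
            print(f"{pub}: subkey {sub} ({curve or 'no curve'}) listed {n} times")
```
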


