[pkg-gnupg-maint] slides for tomorrow's report

Sun Aug 16 08:49:17 UTC 2015

Hi gniibe---

i hope to see you here soon!

On Sun 2015-08-16 05:36:22 +0200, NIIBE Yutaka wrote:
> I think that this would be not a topic in Debconf15, but there will be
> key algorithm issue someday.  I mean, introducing ECC keys.

yep, agreed.

> It should have not been a major topic because of supported curves;
> NIST curves were difficult to recommend.  Now, with GnuPG 2.1.7
> (privided libgcrypt master branch is installed), it is possible to use
> the primary key of ed25519 and the subkey of cv25519.  This could be
> recommended.  When libgcrypt 1.7 will be released, it will be ready to
> use.

right; we're not there yet, and gpg2 doesn't even permit the creation of
ECC keys without --expert.  I think this is a good thing -- we want to
be able to parse and encrypt to and verify signatures from ECC keys well
before we start deploying them widely.

> Actually, I caused a problem in Debian keyring maintenance because of
> ECC key of mine, because of a bug in GnuPG.  In Feb 2014, I put subkey
> of ECC with curve secp256k1 (secp256k1 is not supported in released
> libgcrypt versions, but only master branch).  The bug was: everytime my
> key was refreshed, the particular same subkey was added because there
> had a bug in GnuPG to compare key identity.  It resulted big key
> material in the keyring.

yep, but fortunately that was fixed upstream :)

> To summarize, I agree that the following is important topic.
>
>     (1) There will be important transition in Debian for GnuPG.
>
> ... and my point is that addressing following would be good:
>
>     (2) After that, it will be another transition of each developer's
>         key (perhaps gradually).
>
>     (3) In my opinion, perhaps, it would be better not to recommend
>         use of ECC key with NIST curves.  We should have some guidance
> 	for ECC migration/transition.
>
> Note: the primary key of ed25519 with the subkey of cv25519 is too
> new.  I don't think any key server supports cv25519 now.

right, i think the detailed answer to these questions are more a matter
for keyring-maint than for pkg-gnupg (e.g. i doubt we'd want to force
another transition on people, since we don't currently believe strong
RSA is broken, and since we don't have ECC encrypt/verify support in
stable yet).

But i'll try to point out the broad picture of what this transition
looks like during the pkg-gnupg report so that people have some pointers
for thinking about it.  I've added another slide to the deck to make
sure this topic gets covered.

Thanks for the quick feedback,

       --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20150816/7ef753bb/attachment.sig>