Bug#812944: hokey lint: please warn about cryptographic weaknesses related to subkeys

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jan 28 00:53:09 UTC 2016 

Package: hopenpgp-tools
Version: 0.17-1
Severity: normal

currently, hokey lint does some verification about the quality of the
primary key and the cryptographic details of the user-id and
user-attribute binding signatures.

However, the subkey binding signatures (and related cross-signatures)
are not reviewed.  They should be.

Things to look for:

 * no encryption-capable subkey (this means people can't send you
   confidential messages)

 * any RSA or DSA or El Gamal subkey < 2048 bits should be red.  <
   3072 should probably be yellow (use the same rules as for strength
   of primary keys for simplicity).

 * subkeys that combined usage flags.  only one of signing,
   authentication, or encryption should be present.  (encryption is
   actually two flags itself because "messages" and "data" are an
   unclear division)

 * certification-capable subkeys are probably a bad idea.

 * signing-capable subkeys that have no embedded cross-certification
   (https://tools.ietf.org/html/rfc4880#section-5.2.3.26) should have a
   red alert advising them to have one.

 * authentication-capable subkeys that have no embedded cross
   certification should probably have a yellow alert.

 * subkey binding signatures should be made with a reasonable digest
   (definitely not MD5 or SHA1 -- maybe avoid SHA224)

 * cross-certifications should be made with a reasonable digest too

 * timestamps of subkey binding signatures and their embedded
   cross-certs should be sane (e.g. the cross-cert should be at the
   same time or slightly before the subkey binding signature; their
   expiration dates should probably match)

 * we might want some guidelines on suggested lifetimes of subkeys,
   but i'm not sure what to specify here, and this is probably more
   subjective than the other proposals above.

i hope this is a useful set of suggestions.

Thanks for hopenpgp-tools!

  --dkg
 
-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages hopenpgp-tools depends on:
ii  libbz2-1.0    1.0.6-8
ii  libc6         2.21-6
ii  libffi6       3.2.1-4
ii  libgmp10      2:6.1.0+dfsg-2
ii  libncursesw5  6.0+20151024-2
ii  libnettle6    3.1.1-4
ii  libtinfo5     6.0+20151024-2
ii  libyaml-0-2   0.1.6-3
ii  zlib1g        1:1.2.8.dfsg-2+b1

hopenpgp-tools recommends no packages.

hopenpgp-tools suggests no packages.

-- debconf-show failed

More information about the Pkg-haskell-maintainers mailing list