> On Jul 5, 2018, at 4:53 PM, Michał Górny <mgorny@g.o> wrote:
>
> Hi,
>
> Here's the third version of the patches. I've incorporated the feedback
> so far and reordered the patches (again) to restore their
> degree-of-compatibility order. The full text is included below.
>
>
> Michał Górny (12):
>   glep-0063: Use 'OpenPGP' as appropriate
>   glep-0063: RSAv4 -> OpenPGP v4 key format
>   glep-0063: 'Gentoo subkey' → 'Signing subkey'
>   glep-0063: Root key → primary key
>   glep-0063: Split out the signing subkey into a separation point
>   glep-0063: Explain minimal & recommended sections
>   glep-0063: Change the recommended RSA key size to 2048 bits
>   glep-0063: Allow ECC curve 25519 keys
>   glep-0063: Stop recommending DSA subkeys
>   glep-0063: Make 2-yearly expiration term mandatory
>   glep-0063: Require renewal 2 weeks before expiration
>   glep-0063: Disallow using DSA keys
>
>  glep-0063.rst | 97 +++++++++++++++++++++++++++++++++------------------
>  1 file changed, 64 insertions(+), 33 deletions(-)
>
>
> ---
> GLEP: 63
> Title: Gentoo OpenPGP policies
> Author: Robin H. Johnson <robbat2@g.o>,
>         Andreas K. Hüttel <dilfridge@g.o>,
>         Marissa Fischer <blogtodiffer@×××××.com>
> Type: Standards Track
> Status: Final
> Version: 2
> Created: 2013-02-18
> Last-Modified: 2018-07-05
> Post-History: 2013-11-10
> Content-Type: text/x-rst
> ---
>
> Credits
> =======
>
> Many developers and external sources helped in this GLEP.
>
> Abstract
> ========
>
> This GLEP provides both a minimum requirement and a recommended set of
> OpenPGP key management policies for the Gentoo Linux distribution.
>
> Changes
> =======
>
> v2
>   The distinct minimal and recommended expirations have been replaced
>   by a single requirement. The rules have been simplified to use
>   the same time of 2 years for both the primary key and subkeys.
>
>   An additional rule requesting key renewal 2 weeks before expiration
>   has been added. This is in order to give services and other developers time
>   to refresh the key.
>
>   The usage of DSA keys has been disallowed.
>
> v1.1
>   The recommended RSA key size has been changed from 4096 bits
>   to 2048 bits to match the GnuPG recommendations [#GNUPG-FAQ-11-4]_.
>   The larger recommendation was unjustified and resulted in people
>   unnecessarily replacing their RSA-2048 keys.
>
>   The minimal specification has been amended to allow for ECC keys.
>
>   The option of using a DSA subkey has been removed from the recommendations.
>   The section now specifies a single recommendation of using RSA.
>
> Motivation
> ==========
>
> Given the increasing use and importance of cryptographic protocols in internet
> transactions of any kind, unified requirements for OpenPGP keys used in Gentoo
> Linux development are sorely needed. This document provides both a set of
> bare minimum requirements and a set of best practice recommendations for
> the use of GnuPG (or other OpenPGP providers) by Gentoo Linux developers.
> It is intended to provide a basis for future improvements such as, e.g.,
> consistent ebuild or package signing and verifying by end users.
>
> Specifications for OpenPGP keys
> ===============================
>
> Bare minimum requirements
> -------------------------
> This section specifies obligatory requirements for all OpenPGP keys used
> to commit to Gentoo. Keys that do not conform to those requirements cannot
> be used to commit.
>
> 1. SHA2-series output digest (SHA1 digests internally permitted),
>    256bit or more::
>
>      personal-digest-preferences SHA256
>
> 2. Signing subkey that is different from the primary key, and does not
>    have any other capabilities enabled.
>
> 3. Primary key and the signing subkey are both of type EITHER:
>
>    a. RSA, >=2048 bits (OpenPGP v4 key format or later only)
>
>    b. ECC curve 25519
>
> 4. Expiration date on key and all subkeys set to at most 2 years
>
> 5. Key expiration date renewed at least 2 weeks before the previous
>    expiration date.
>
> 6. Upload your key to the SKS keyserver rotation before usage!
>
> Recommendations
> ---------------
> This section specifies the best practices for Gentoo developers.
> The developers should follow those practices unless there is a strong
> technical reason not to (e.g. hardware limitations, necessity of replacing
> their primary key).
>
> 1. Copy ``/usr/share/gnupg/gpg-conf.skel`` to ``~/.gnupg/gpg.conf``, append
>    the following block::

That file no longer exists.

>
>      keyserver pool.sks-keyservers.net

This is less secure than the default according to K_F in #gentoo-infra.

>
>      emit-version

K_F indicated that this harms security too.

>
>      default-recipient-self
>
>      # -- All of the below portion from the RiseUp.net OpenPGP best practices, and
>      # -- many of them are also in the Debian GPG documentation.
>
>      # when outputting certificates, view user IDs distinctly from keys:
>      fixed-list-mode
>
>      # long keyids are more collision-resistant than short keyids (it's trivial to make a key
>      # with any desired short keyid)
>      # NOTE: this breaks kmail gnupg support!
>      keyid-format 0xlong

This makes the key ids shorter. ^_^;;

>
>      # when multiple digests are supported by all recipients, choose the strongest one:
>      personal-digest-preferences SHA512 SHA384 SHA256 SHA224
>
>      # preferences chosen for new keys should prioritize stronger algorithms:
>      default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
>
>      # If you use a graphical environment (and even if you don't) you should be using an agent:
>      # (similar arguments as https://www.debian-administration.org/users/dkg/weblog/64)
>      use-agent
>
>      # You should always know at a glance which User IDs gpg thinks are legitimately bound to
>      # the keys in your keyring:
>      verify-options show-uid-validity
>      list-options show-uid-validity
>
>      # include an unambiguous indicator of which key made a signature:
>      # (see http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234)
>      # (and http://www.ietf.org/mail-archive/web/openpgp/current/msg00405.html)
>      sig-notation issuer-fpr@×××××××××××××××××××××××××××××××.net=%g
>
>      # when making an OpenPGP certification, use a stronger digest than the default SHA1:
>      cert-digest-algo SHA256

Could we just drop the recommended gpg.conf? Many of these suggestions are outdated.

>
> 2. Primary key and the signing subkey are both of type RSA, 2048 bits
>    (OpenPGP v4 key format or later)
>
> 3. Key expiration renewed annually
>
> 4. Create a revocation certificate & store it hardcopy offsite securely
>    (it's about ~300 bytes).
>
> 5. Encrypted backup of your secret keys.
>
> Gentoo LDAP
> ===========
>
> All Gentoo developers must list the complete fingerprint for their primary
> keys in the "``gpgfingerprint``" LDAP field. It must be exactly 40 hex digits,
> uppercase, with optional spaces every 8 hex digits. Regular expression for
> validation::
>
>   ^([[:space:]]*[[:xdigit:]]{8}){5}$
>
> The prior "``gpgkey``" field will be removed, as it is a subset
> of the fingerprint field. In any place that presently displays
> the "``gpgkey``" field, the last 16 hex digits of the fingerprint should
> be displayed instead.
>
> Backwards Compatibility
> =======================
>
> There is no consistent standard for GPG usage in Gentoo to date. There is
> conflicting information in the Devmanual [#DEVMANUAL-MANIFEST]_ and the GnuPG
> Gentoo user guide [#GNUPG-USER]_. As there is little enforcement of Manifest
> signing and very little commit signing to date, there are no backwards
> compatibility concerns.
>
> External documentation
> ======================
>
> Much of the above was driven by the following:
>
> * NIST SP 800-57 recommendations [#NISTSP800571]_, [#NISTSP800572]_
>
> * Debian GPG documentation [#DEBIANGPG]_
>
> * RiseUp.net OpenPGP best practices [#RISEUP]_
>
> * ENISA Algorithms, Key Sizes and Parameters Report 2013 [#ENISA2013]_
>
> References
> ==========
>
> .. [#GNUPG-FAQ-11-4] GnuPG FAQ: Why doesn't GnuPG default to using RSA-4096?
>    (https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096)
>
> .. [#DEBIANGPG] Debian GPG documentation
>    (https://wiki.debian.org/Keysigning)
>
> .. [#EKAIA] Ana's blog: Creating a new GPG key
>    (http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/)
>
> .. [#RISEUP] RiseUp.net OpenPGP best practices
>    (https://help.riseup.net/en/security/message-security/openpgp/best-practices)
>
> .. [#DEVMANUAL-MANIFEST] Gentoo Development Guide: Manifest
>    (http://devmanual.gentoo.org/general-concepts/manifest/index.html)
>
> .. [#GNUPG-USER] GnuPG Gentoo User Guide
>    (http://www.gentoo.org/doc/en/gnupg-user.xml)
>
> .. [#NISTSP800571] NIST SP 800-57: Recommendation for Key Management:
>    Part 1: General (Revision 3)
>    (http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf)
>
> .. [#NISTSP800572] NIST SP 800-57: Recommendation for Key Management:
>    Part 2: Best Practices for Key Management Organization
>    (http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part2.pdf)
>
> .. [#ISSUER-ANNOTATE] Including the entire fingerprint of the issuer
>    in an OpenPGP certification
>    (http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234)
>
> .. [#ENISA2013] ENISA Algorithms, Key Sizes and Parameters Report,
>    2013 recommendations, version 1.0 (October 2013)
>    (https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report)
>
> Copyright
> =========
> Copyright (c) 2013 by Robin Hugh Johnson, Andreas K. Hüttel, Marissa Fischer.
>
> This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
> Unported License. To view a copy of this license, visit
> http://creativecommons.org/licenses/by-sa/3.0/.
>
>
> --
> Best regards,
> Michał Górny
>
> --
> 2.18.0
>
>