Gentoo Archives: gentoo-dev

From: Richard Yao <ryao@g.o>
To: gentoo-dev@l.g.o
Cc: robbat2@g.o, "Michał Górny" <mgorny@g.o>
Subject: Re: [gentoo-dev] [PATCH v3 00/12] GLEP 63 update
Date: Sat, 07 Jul 2018 01:26:31
Message-Id: 0B4F3153-6854-478E-8380-9A0AB8784DC8@gentoo.org
In Reply to: [gentoo-dev] [PATCH v3 00/12] GLEP 63 update by "Michał Górny"
> On Jul 5, 2018, at 4:53 PM, Michał Górny <mgorny@g.o> wrote:
>
> Hi,
>
> Here's the third version of the patches. I've incorporated the feedback
> so far and reordered the patches (again) to restore their
> degree-of-compatibility order. The full text is included below.
>
>
> Michał Górny (12):
> glep-0063: Use 'OpenPGP' as appropriate
> glep-0063: RSAv4 -> OpenPGP v4 key format
> glep-0063: 'Gentoo subkey' → 'Signing subkey'
> glep-0063: Root key → primary key
> glep-0063: Split out the signing subkey into a separation point
> glep-0063: Explain minimal & recommended sections
> glep-0063: Change the recommended RSA key size to 2048 bits
> glep-0063: Allow ECC curve 25519 keys
> glep-0063: Stop recommending DSA subkeys
> glep-0063: Make 2-yearly expiration term mandatory
> glep-0063: Require renewal 2 weeks before expiration
> glep-0063: Disallow using DSA keys
>
> glep-0063.rst | 97 +++++++++++++++++++++++++++++++++------------------
> 1 file changed, 64 insertions(+), 33 deletions(-)
>
>
> ---
> GLEP: 63
> Title: Gentoo OpenPGP policies
> Author: Robin H. Johnson <robbat2@g.o>,
> Andreas K. Hüttel <dilfridge@g.o>,
> Marissa Fischer <blogtodiffer@×××××.com>
> Type: Standards Track
> Status: Final
> Version: 2
> Created: 2013-02-18
> Last-Modified: 2018-07-05
> Post-History: 2013-11-10
> Content-Type: text/x-rst
> ---
>
> Credits
> =======
>
> Many developers and external sources helped in this GLEP.
>
> Abstract
> ========
>
> This GLEP provides both a minimum requirement and a recommended set of
> OpenPGP key management policies for the Gentoo Linux distribution.
>
> Changes
> =======
>
> v2
> The distinct minimal and recommended expirations have been replaced
> by a single requirement. The rules have been simplified to use
> the same time of 2 years for both the primary key and subkeys.
>
> An additional rule requesting key renewal 2 weeks before expiration
> has been added. This is in order to give services and other developers time
> to refresh the key.
>
> The usage of DSA keys has been disallowed.
>
> v1.1
> The recommended RSA key size has been changed from 4096 bits
> to 2048 bits to match the GnuPG recommendations [#GNUPG-FAQ-11-4]_.
> The larger recommendation was unjustified and resulted in people
> unnecessarily replacing their RSA-2048 keys.
>
> Minimal specification has been amended to allow for ECC keys.
>
> The option of using DSA subkey has been removed from recommendations.
> The section now specifies a single recommendation of using RSA.
>
> Motivation
> ==========
>
> Given the increasing use and importance of cryptographic protocols in internet
> transactions of any kind, unified requirements for OpenPGP keys used in Gentoo
> Linux development are sorely needed. This document provides both a set of
> bare minimum requirements and a set of best practice recommendations for
> the use of GnuPG (or other OpenPGP providers) by Gentoo Linux developers.
> It is intended to provide a basis for future improvements such as, e.g.,
> consistent ebuild or package signing and verifying by end users.
>
> Specifications for OpenPGP keys
> ===============================
>
> Bare minimum requirements
> -------------------------
> This section specifies obligatory requirements for all OpenPGP keys used
> to commit to Gentoo. Keys that do not conform to those requirements cannot
> be used to commit.
>
> 1. SHA2-series output digest (SHA1 digests internally permitted),
> 256bit or more::
>
> personal-digest-preferences SHA256
>
> 2. Signing subkey that is different from the primary key, and does not
> have any other capabilities enabled.
>
> 3. Primary key and the signing subkey are both of type EITHER:
>
> a. RSA, >=2048 bits (OpenPGP v4 key format or later only)
>
> b. ECC curve 25519
>
> 4. Expiration date on key and all subkeys set to at most 2 years
>
> 5. Key expiration date renewed at least 2 weeks before the previous
> expiration date.
>
> 6. Upload your key to the SKS keyserver rotation before usage!
>
> Recommendations
> ---------------
> This section specifies the best practices for Gentoo developers.
> The developers should follow those practices unless there is a strong
> technical reason not to (e.g. hardware limitations, necessity of replacing
> their primary key).
>
> 1. Copy ``/usr/share/gnupg/gpg-conf.skel`` to ``~/.gnupg/gpg.conf``, append
> the following block::
That file no longer exists.
>
> keyserver pool.sks-keyservers.net
This is less secure than the default according to K_F in #gentoo-infra.
>
> emit-version
K_F indicated that this harms security too.
>
> default-recipient-self
>
> # -- All of the below portion from the RiseUp.net OpenPGP best practices, and
> # -- many of them are also in the Debian GPG documentation.
>
> # when outputting certificates, view user IDs distinctly from keys:
> fixed-list-mode
>
> # long keyids are more collision-resistant than short keyids (it's trivial to make a key
> # with any desired short keyid)
> # NOTE: this breaks kmail gnupg support!
> keyid-format 0xlong
This makes the key ids shorter. ^_^;;
>
> # when multiple digests are supported by all recipients, choose the strongest one:
> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
>
> # preferences chosen for new keys should prioritize stronger algorithms:
> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
>
> # If you use a graphical environment (and even if you don't) you should be using an agent:
> # (similar arguments as https://www.debian-administration.org/users/dkg/weblog/64)
> use-agent
>
> # You should always know at a glance which User IDs gpg thinks are legitimately bound to
> # the keys in your keyring:
> verify-options show-uid-validity
> list-options show-uid-validity
>
> # include an unambiguous indicator of which key made a signature:
> # (see http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234)
> # (and http://www.ietf.org/mail-archive/web/openpgp/current/msg00405.html)
> sig-notation issuer-fpr@×××××××××××××××××××××××××××××××.net=%g
>
> # when making an OpenPGP certification, use a stronger digest than the default SHA1:
> cert-digest-algo SHA256

Could we just drop the recommended gpg.conf? Many of these suggestions are outdated.
>
> 2. Primary key and the signing subkey are both of type RSA, 2048 bits
> (OpenPGP v4 key format or later)
>
> 3. Key expiration renewed annually
>
> 4. Create a revocation certificate & store it hardcopy offsite securely
> (it's about ~300 bytes).
>
> 5. Encrypted backup of your secret keys.
>
> Gentoo LDAP
> ===========
>
> All Gentoo developers must list the complete fingerprint for their primary
> keys in the "``gpgfingerprint``" LDAP field. It must be exactly 40 hex digits,
> uppercase, with optional spaces every 8 hex digits. Regular expression for
> validation::
>
> ^([[:space:]]*[[:xdigit:]]{8}){5}$
>
> The prior "``gpgkey``" field will be removed, as it is a subset
> of the fingerprint field. In any place that presently displays
> the "``gpgkey``" field, the last 16 hex digits of the fingerprint should
> be displayed instead.
>
> Backwards Compatibility
> =======================
>
> There is no consistent standard for GPG usage in Gentoo to date. There is
> conflicting information in the Devmanual [#DEVMANUAL-MANIFEST]_ and the GnuPG
> Gentoo user guide [#GNUPG-USER]_. As there is little enforcement of Manifest
> signing and very little commit signing to date, there are no backwards
> compatibility concerns.
>
> External documentation
> ======================
>
> Much of the above was driven by the following:
>
> * NIST SP 800-57 recommendations [#NISTSP800571]_, [#NISTSP800572]_
>
> * Debian GPG documentation [#DEBIANGPG]_
>
> * RiseUp.net OpenPGP best practices [#RISEUP]_
>
> * ENISA Algorithms, Key Sizes and Parameters Report 2013 [#ENISA2013]_
>
> References
> ==========
>
> .. [#GNUPG-FAQ-11-4] GnuPG FAQ: Why doesn't GnuPG default to using RSA-4096?
> (https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096)
>
> .. [#DEBIANGPG] Debian GPG documentation
> (https://wiki.debian.org/Keysigning)
>
> .. [#EKAIA] Ana's blog: Creating a new GPG key
> (http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/)
>
> .. [#RISEUP] RiseUp.net OpenPGP best practices
> (https://help.riseup.net/en/security/message-security/openpgp/best-practices)
>
> .. [#DEVMANUAL-MANIFEST] Gentoo Development Guide: Manifest
> (http://devmanual.gentoo.org/general-concepts/manifest/index.html)
>
> .. [#GNUPG-USER] GnuPG Gentoo User Guide
> (http://www.gentoo.org/doc/en/gnupg-user.xml)
>
> .. [#NISTSP800571] NIST SP 800-57: Recommendation for Key Management:
> Part 1: General (Revision 3)
> (http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf)
>
> .. [#NISTSP800572] NIST SP 800-57: Recommendation for Key Management:
> Part 2: Best Practices for Key Management Organization
> (http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part2.pdf)
>
> .. [#ISSUER-ANNOTATE] Including the entire fingerprint of the issuer
> in an OpenPGP certification
> (http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234)
>
> .. [#ENISA2013] ENISA Algorithms, Key Sizes and Parameters Report,
> 2013 recommendations, version 1.0 (October 2013)
> (https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report)
>
> Copyright
> =========
> Copyright (c) 2013 by Robin Hugh Johnson, Andreas K. Hüttel, Marissa Fischer.
>
> This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
> Unported License. To view a copy of this license, visit
> http://creativecommons.org/licenses/by-sa/3.0/.
>
>
> --
> Best regards,
> Michał Górny
>
> --
> 2.18.0
>
>
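As an added example, not part of the GLEP text or of either mail: a small Python checker for the two mechanical rules in the quoted policy, the ``gpgfingerprint`` LDAP format (40 uppercase hex digits, optional spaces every 8) together with the 16-digit value that replaces the old ``gpgkey`` display, and the 2-year expiration plus 2-week renewal rule from the bare minimum requirements. The hex pattern is deliberately uppercase-only as the prose requires, which is stricter than the quoted POSIX regex, whose ``[[:xdigit:]]`` also accepts lowercase; "2 years" is approximated as 730 days, which is an assumption of this example.

```python
import re
from datetime import date, timedelta

# gpgfingerprint as the GLEP prose states it: 40 uppercase hex digits,
# spaces allowed only between groups of 8. Stricter than the GLEP's own
# "^([[:space:]]*[[:xdigit:]]{8}){5}$", which also accepts lowercase and
# leading whitespace.
FINGERPRINT_RE = re.compile(r"^[0-9A-F]{8}( ?[0-9A-F]{8}){4}$")

# Requirement 4: expiration at most 2 years out (assumption: 2 years == 730 days).
MAX_EXPIRY = timedelta(days=730)
# Requirement 5: renewal at least 2 weeks before the previous expiration.
RENEWAL_LEAD = timedelta(days=14)


def valid_fingerprint(value: str) -> bool:
    """True if value is an acceptable gpgfingerprint LDAP entry."""
    return FINGERPRINT_RE.match(value) is not None


def legacy_gpgkey(value: str) -> str:
    """Last 16 hex digits of the fingerprint: what is shown where the old
    gpgkey field used to be displayed."""
    if not valid_fingerprint(value):
        raise ValueError("not a valid gpgfingerprint: %r" % value)
    return value.replace(" ", "")[-16:]


def expiry_ok(created: date, expires: date) -> bool:
    """Expiration date must be after creation and at most 2 years out."""
    return created < expires <= created + MAX_EXPIRY


def renewal_ok(old_expiry: date, renewed_on: date) -> bool:
    """Renewal must happen at least 2 weeks before the old expiration date."""
    return renewed_on <= old_expiry - RENEWAL_LEAD


if __name__ == "__main__":
    # Constructed sample values, not a real developer's key.
    fpr = "01234567 89ABCDEF 01234567 89ABCDEF 01234567"
    print(valid_fingerprint(fpr), legacy_gpgkey(fpr))
    print(expiry_ok(date(2018, 7, 5), date(2019, 7, 5)))
    print(renewal_ok(date(2020, 7, 5), date(2020, 6, 20)))
```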
