Following the recent mailing list discussion indicating that developers
are taking GLEP 63 as the only source of truth about OpenPGP keys, and can
make the assumption that if an encryption key is not listed there they
should not have one, amend the specification to extend it beyond the
previous limited scope of commit signing, and require an encryption key
appropriately. This matches the GnuPG defaults.

While at it, add a recommendation that the primary key is certify-only.
Other usage is implicitly discouraged anyway via requiring subkeys.
Originally this recommendation was omitted as I wasn't aware that gpg
had a (hidden) option to change usage of existing keys.
12 |
--- |
13 |
glep-0063.rst | 43 +++++++++++++++++++++++++++++-------------- |
14 |
1 file changed, 29 insertions(+), 14 deletions(-) |
15 |
|
16 |
diff --git a/glep-0063.rst b/glep-0063.rst |
17 |
index 64fb437..b4bbe62 100644 |
18 |
--- a/glep-0063.rst |
19 |
+++ b/glep-0063.rst |
20 |
@@ -7,10 +7,10 @@ Author: Robin H. Johnson <robbat2@g.o>, |
21 |
Michał Górny <mgorny@g.o> |
22 |
Type: Standards Track |
23 |
Status: Final |
24 |
-Version: 2 |
25 |
+Version: 2.1 |
26 |
Created: 2013-02-18 |
27 |
-Last-Modified: 2018-07-21 |
28 |
-Post-History: 2013-11-10, 2018-07-03, 2018-07-21 |
29 |
+Last-Modified: 2019-02-24 |
30 |
+Post-History: 2013-11-10, 2018-07-03, 2018-07-21, 2019-02-24 |
31 |
Content-Type: text/x-rst |
32 |
--- |
33 |
|
34 |
@@ -28,6 +28,13 @@ OpenPGP key management policies for the Gentoo Linux distribution. |
35 |
Changes |
36 |
======= |
37 |
|
38 |
+v2.1 |
39 |
+ A requirement for an encryption key has been added, in order to extend |
40 |
+ the GLEP beyond commit signing and into use of OpenPGP for dev-to-dev |
41 |
+ and user-to-dev communications. |
42 |
+ |
43 |
+ A recommendation for primary key to be certify-only has been added. |
44 |
+ |
45 |
v2 |
46 |
The distinct minimal and recommended expirations have been replaced |
47 |
by a single requirement. The rules have been simplified to use |
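Review bot: The v2.1 entry says "A requirement for an encryption key has been added", while the new item 2b in the specification requires an encryption subkey that is different from the primary key. Suggest wording the changelog as "encryption subkey" so the two agree, and "for the primary key to be certify-only" in the second paragraph.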
48 |
@@ -70,22 +77,28 @@ Linux development are sorely needed. This document provides both a set of |
49 |
bare minimum requirements and a set of best practice recommendations for |
50 |
the use of GnuPG (or other OpenPGP providers) by Gentoo Linux developers. |
51 |
It is intended to provide a basis for future improvements such as, e.g., |
52 |
-consistent ebuild or package signing and verifying by end users. |
53 |
+consistent ebuild or package signing and verification by end users, |
54 |
+and providing secure and authenticated communication channel between users |
55 |
+and developers. |
56 |
|
57 |
Specifications for OpenPGP keys |
58 |
=============================== |
59 |
|
60 |
Bare minimum requirements |
61 |
------------------------- |
62 |
-This section specifies obligatory requirements for all OpenPGP keys used |
63 |
-to commit to Gentoo. Keys that do not conform to those requirements can |
64 |
-not be used to commit. |
65 |
+This section specifies obligatory requirements for all OpenPGP keys that |
66 |
+are used in the context of Gentoo developer actions. All developers |
67 |
+are required to have at least one key conforming to those requirements. |
68 |
+Keys that do not conform to them can not be used to commit. |
69 |
|
70 |
1. SHA-2 series output digest (SHA-1 digests internally permitted), |
71 |
at least 256-bit. All subkey self-signatures must use this digest. |
72 |
|
73 |
-2. Signing subkey that is different from the primary key, and does not |
74 |
- have any other capabilities enabled. |
75 |
+2. a. Signing subkey that is different from the primary key, and does |
76 |
+ not have any other capabilities enabled. |
77 |
+ |
78 |
+ b. Encryption subkey that is different from the primary key, and does |
79 |
+ not have any other capabilities enabled. |
80 |
|
81 |
3. Primary key and the signing subkey are both of type EITHER: |
82 |
|
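Review bot: Item 3 still reads "Primary key and the signing subkey are both of type EITHER:", so the encryption subkey added in 2b has no algorithm or key-size requirement. Suggest extending item 3 to cover it, or stating explicitly that it is unconstrained. The introduction also keeps "Keys that do not conform to them can not be used to commit", which now makes a missing encryption subkey a blocker for committing; if that is not the intent, scope that sentence to the signing-related items. Minor: "providing secure and authenticated communication channel" needs an article ("a secure and authenticated communication channel").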
83 |
@@ -110,15 +123,17 @@ The developers should follow those practices unless there is a strong |
84 |
technical reason not to (e.g. hardware limitations, necessity of replacing |
85 |
their primary key). |
86 |
|
87 |
-1. Primary key and the signing subkey are both of type RSA, 2048 bits |
88 |
+1. Primary key has only ``certify`` capability enabled. |
89 |
+ |
90 |
+2. Primary key and the signing subkey are both of type RSA, 2048 bits |
91 |
(OpenPGP v4 key format or later). |
92 |
|
93 |
-2. Key expiration renewed annually to a fixed day of the year. |
94 |
+3. Key expiration renewed annually to a fixed day of the year. |
95 |
|
96 |
-3. Create a revocation certificate & store it hardcopy offsite securely |
97 |
+4. Create a revocation certificate & store it hardcopy offsite securely |
98 |
(it's about ~300 bytes). |
99 |
|
100 |
-4. Encrypted backup of your secret keys. |
101 |
+5. Encrypted backup of your secret keys. |
102 |
|
103 |
Gentoo LDAP |
104 |
=========== |
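Review bot: New recommendation 1 ("Primary key has only ``certify`` capability enabled") gives no guidance for developers whose existing primary key already has other capabilities, and the section's own escape clause lists "necessity of replacing their primary key" as a reason not to follow a practice. The commit message says gpg has a (hidden) option to change usage of existing keys; suggest a sentence or reference here saying that the usage can be changed without replacing the key. Renumbered item 2 also still names only the primary key and the signing subkey, so the recommended type for the encryption subkey is left unstated.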
105 |
@@ -193,7 +208,7 @@ References |
106 |
|
107 |
Copyright |
108 |
========= |
109 |
-Copyright (c) 2013-2018 by Robin Hugh Johnson, Andreas K. Hüttel, |
110 |
+Copyright (c) 2013-2019 by Robin Hugh Johnson, Andreas K. Hüttel, |
111 |
Marissa Fischer, Michał Górny. |
112 |
|
113 |
This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 |
114 |
-- |
115 |
2.21.0.rc2 |