| 1 |
W dniu czw, 05.07.2018 o godzinie 13∶24 -0500, użytkownik William Hubbs |
| 2 |
napisał: |
| 3 |
> On Thu, Jul 05, 2018 at 03:36:09PM +0200, Michał Górny wrote: |
| 4 |
> > W dniu śro, 04.07.2018 o godzinie 18∶48 -0400, użytkownik Joshua Kinard |
| 5 |
> > napisał: |
| 6 |
> > > On 7/4/2018 5:24 PM, Michał Górny wrote: |
| 7 |
> > > > W dniu śro, 04.07.2018 o godzinie 23∶05 +0200, użytkownik Ulrich Mueller |
| 8 |
> > > > napisał: |
| 9 |
> > > > > > > > > > On Wed, 4 Jul 2018, Michał Górny wrote: |
| 10 |
> > > > > > |
| 11 |
> > > > > > -3. Key expiry: 5 years maximum |
| 12 |
> > > > > > +3. Key expiration: |
| 13 |
> > > > > > + |
| 14 |
> > > > > > + a. Primary key: 3 years maximum |
| 15 |
> > > > > > + |
| 16 |
> > > > > > + b. Gentoo subkey: 1 year maximum |
| 17 |
> > > > > |
| 18 |
> > > > > What problem are you trying to solve here? |
| 19 |
> > > > > |
| 20 |
> > > > |
| 21 |
> > > > The problem of having unjustified double standards. |
| 22 |
> > > |
| 23 |
> > > IMHO, one year for a signing subkey is too short. I see no problem with three |
| 24 |
> > > years like the primary key. Especially since people will typically just change |
| 25 |
> > > the expiration and advance it the minimum number of years, lather, rinse, and |
| 26 |
> > > repeat. It's a solution looking for a problem. |
| 27 |
> > > |
| 28 |
> > |
| 29 |
> > I don't really know the original rationale for this. |
| 30 |
> > |
| 31 |
> > The NIST standard says 1-3 years. If I were to guess, I'd say 1 year |
| 32 |
> > was chosen for subkey because subkey expiring is a 'smaller' issue than |
| 33 |
> > the whole key expiring, i.e. other users see the primary key as being |
| 34 |
> > still valid. |
| 35 |
> > |
| 36 |
> > I suppose the advantage of having disjoint expiration times is that if |
| 37 |
> > you forget about it, you'd learn the hard way that you need to renew it |
| 38 |
> > before the primary key expired. |
| 39 |
> > |
| 40 |
> > That said, I'm open to using a different recommendation, e.g. 2 years |
| 41 |
> > as in riseup [1]. I suppose having the same time for both primary key |
| 42 |
> > and subkeys would make the spec simpler, and many developers are |
| 43 |
> > mistaking expiration times (as specified now) anyway. |
| 44 |
> > |
| 45 |
> > [1]:https://riseup.net/en/security/message-security/openpgp/best-practices#use-an-expiration-date-less-than-two-years |
| 46 |
> |
| 47 |
> Can you link the nist standard? I'm curious about it because their |
| 48 |
> password standards are quite different.They no longer recommend forcing |
| 49 |
> password changes unless there is a breach. |
| 50 |
> |
| 51 |
|
| 52 |
I'm afraid that's PDF. Not sure if that will work for you: |
| 53 |
|
| 54 |
https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-57pt1r4.pdf |
| 55 |
|
| 56 |
It's section 5.3.6: Cryptoperiod Recommendations for Specific Key Types. |
| 57 |
|
| 58 |
Quoting: |
| 59 |
|
| 60 |
| 1. Private signature key: |
| 61 |
| [...] |
| 62 |
| b. Cryptoperiod: Given the use of approved algorithms and key sizes, |
| 63 |
| and an expectation that the security of the key-storage and use |
| 64 |
| environment will increase as the sensitivity and/or criticality |
| 65 |
| of the processes for which the key provides integrity protection |
| 66 |
| increases, a maximum cryptoperiod of about one to three years is |
| 67 |
| recommended. The key shall be destroyed at the end of its |
| 68 |
| cryptoperiod. |
| 69 |
|
| 70 |
|
| 71 |
-- |
| 72 |
Best regards, |
| 73 |
Michał Górny |
Archives