On Mon, Feb 18, 2013 at 11:38 PM, Kent Fredric <kentfred...@gmail.com> wrote:
>> The key rotation as described in RiseUp best practices should be a very
>> rare occurrence. Each dev is going to run it at most once.
>>
>
> Some material I read recommended doing a key rotation every 6 months,
> which I did for a while until it got tiresome to perform the rotation.

It turns out that real security is very inconvenient ;)

>
> I believe the rationale behind it was basically, the longer you use a
> key, and the more data you produce signed by a key, the more leverage
> an attacker has against you to compromise the key.
>
> But I have no idea if that is really relevant or not.

Trust is not really conferred by 'how much you have signed with the
key.' It is conferred by 'how many people trust your key.' It is
unclear to me how difficult this is to calculate in practice for an
attacker.

You rotate keys nominally because during routine key handling, your
key (unless it is stored in a smartcard) is exposed to risk during use
(the key material is mlocked in memory, or they can chat with your
gpg-agent to sign content, or try to steal the key material, or steal
the passphrase, and so forth.) If someone got your key, they can only
sign data with it for $INTERVAL until it expires and you generate a
new key. The attacker has no incentive to renew the key for you,
because that would expose him, as he has to publish the renewal. All
of this is similar in scope to changing your password every $INTERVAL,
which is standard security practice.

Generally speaking if the attacker is running code as you, or as root,
on the machine that you are signing content on, you are already
screwed. If the attacker has persistent access to your machine,
generating a new key does not help at all (he will get that one too.)
A common guard against this is simply to perform host attestation. I
don't think that is in scope for Gentoo though :)

-A

>
> --
> Kent
>
> perl -e  "print substr( \"edrgmaM  SPA NOcomil.ic\\@tfrken\", \$_ * 3,
> 3 ) for ( 9,8,0,7,1,6,5,4,3,2 );"
>
> http://kent-fredric.fox.geek.nz
>
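The point above is that an expiry date bounds how long a leaked key stays useful, and that the attacker cannot quietly extend it. The following is an added example (not code from this thread or from Gentoo) that audits the machine-readable output of `gpg --with-colons --list-keys` against a rotation interval; the six-month interval from Kent's message is assumed as the policy value, and the listing, key ids and addresses are constructed placeholders.

```python
"""Audit `gpg --with-colons --list-keys` output against a rotation interval.
pub records: field 5 = key id, field 6 = created, field 7 = expiry (unix time)."""
from datetime import datetime, timedelta, timezone

ROTATION_INTERVAL = timedelta(days=183)  # roughly six months; policy value, assumed

# Constructed sample listing; key ids and addresses are placeholders, not real keys.
SAMPLE_LISTING = """\
tru::1:1700000000:0:3:1:5
pub:u:4096:1:0123456789ABCDEF:1690000000:1705000000::u:::scESC::::::23::0:
uid:u::::1690000000::X::Dev One <dev1@example.invalid>::::::::::0:
pub:u:4096:1:FEDCBA9876543210:1690000000:::u:::scESC::::::23::0:
uid:u::::1690000000::X::Dev Two <dev2@example.invalid>::::::::::0:
pub:u:4096:1:1111222233334444:1690000000:1750000000::u:::scESC::::::23::0:
uid:u::::1690000000::X::Dev Three <dev3@example.invalid>::::::::::0:
pub:e:4096:1:5555666677778888:1660000000:1695000000::u:::scESC::::::23::0:
uid:e::::1660000000::X::Dev Four <dev4@example.invalid>::::::::::0:
"""

def parse_primary_keys(listing):
    """Return one dict per pub record; expires is None when no expiry is set."""
    keys, current = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            current = {"keyid": f[4], "created": int(f[5]),
                       "expires": int(f[6]) if f[6] else None, "uid": ""}
            keys.append(current)
        elif f[0] == "uid" and current is not None and not current["uid"]:
            current["uid"] = f[9]  # first user id, for readable reports
    return keys

def audit(listing, now, interval=ROTATION_INTERVAL):
    """Map key id -> verdict. Only 'ok' keys bound a leaked key's useful life."""
    verdicts = {}
    for key in parse_primary_keys(listing):
        if key["expires"] is None:
            verdicts[key["keyid"]] = "no expiry: a leaked key stays usable forever"
            continue
        expires = datetime.fromtimestamp(key["expires"], timezone.utc)
        if expires <= now:
            verdicts[key["keyid"]] = "expired: renew or replace"
        elif expires - now > interval:
            verdicts[key["keyid"]] = "expiry exceeds rotation interval"
        else:
            verdicts[key["keyid"]] = "ok"
    return verdicts

NOW = datetime.fromtimestamp(1700000000, timezone.utc)  # constructed reference time
```

Run it against a real keyring by feeding `gpg --with-colons --list-keys` output to `audit()` with `datetime.now(timezone.utc)` as `now`; a key flagged "no expiry" is the case the message warns about, since no expiry means no $INTERVAL at all.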