Re: FAQ October 2019 update
Hi, On Tue, Oct 15, 2019 at 03:17:58PM -0400, Robert J. Hansen wrote: ... Those were the high-priority changes that needed to be made. If anyone has other suggestions, speak up: I'm listening. :) A while ago (I can’t find the e-mail anymore) I suggested a few changes that somehow didn’t find their way to the FAQ and then I forgot about them. Allow me to submit them again. Those changes are all related to the fact that modern (≥ 2.1) GnuPG automatically creates a revocation certificate whenever it creates a new key pair, and stores it in $GNUPGHOME/openpgp-revocs.d. In section 7,17 (What’s a ‘revocation certificate’?), it’s no longer recommended to create a revocation certificate immediately after generating a new GnuPG certificate. Instead, this section may state that GnuPG already creates one when creating a GnuPG certificate, and that it can be found in $GNUPGHOME/openpgp-revocs.d. Similarly, section 8.5 (“What should I do after making my certificate”) should no longer say to generate a revocation certificate, but again may indicate where to find the one automatically generated by GnuPG, and advise to store it in a safe place. In the same section, the subsection “How do I generate a revocation certificate” could be moved elsewhere, as it is no longer something you “should do after making [your] certificate”. In section 10 (“What are some common bast practices?”), the advice “Generate a revocation certificate and keep it safe” should be removed and optionally replaced by “Keep your (automatically generated) revocation certificate safe”. Cheers, - Damien signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: FAQ October 2019 update
On 15/10/2019 21:59, Robert J. Hansen wrote: > Should they update? Yes. Is the problem mitigated by an update? Yes. > But will they? Probably not before wedging their keyring. Given that > high-profile people in the community have had our certificates defaced, > it's possible someone will say "I want to ask dkg a question," pull down > his cert, get wedged, and... etc. I can confirm that this happens and users are being b0rked because of trolls. Street level rumour is that GnuPG key exchange is broken and you should not use it. It doesn't matter what the truth is - it is the public perception that recent SKS events made it unusable, this was advertised across the media all over the place and the image stuck. Additionally, poor handling of SKS fiasco by GnuPG community hurt it's credibility a lot, so a clear signal that this issue was treated seriously would be beneficial. Should it be advertised as a new go-to standard or as transitional standard, beta/alpha/whatever - I don't know, it's debatable. Cheers, Chris ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: FAQ October 2019 update
Let's start with the most important thing: > I am sorry for having to write these harsh comments I didn't find your comments harsh, but thank you for being considerate. :) >> * Every reference to the SKS keyserver network now points to >> keys.openpgp.org. Reason: the SKS attacks a few months ago. > > I have to object against this change. The SKS server network is still > useful and definitely more useful than an non-matured and centralized > keyserver. I can't agree with this. SKS is effectively dead. Older GnuPG installations can still get utterly wedged if they pull down a poisoned certificate from SKS. There are a *lot* of these older installations out there in the wild, and what we suggest to them should not lead them into wedging their system. Should they update? Yes. Is the problem mitigated by an update? Yes. But will they? Probably not before wedging their keyring. Given that high-profile people in the community have had our certificates defaced, it's possible someone will say "I want to ask dkg a question," pull down his cert, get wedged, and... etc. I think it's dangerous to our users to continue to recommend SKS in the face of a well-known poisoning problem. > suggesting the use of that specific keyserver is a no-go. I'm fine with this. My major concern is removing SKS recommendations. >> * All references to 2048-bit crypto are updated to refer to 3072-bit >> crypto. Reason: GnuPG now defaults to 3072-bit RSA. > > Okay. But this > > +your certificate uses 2048-bit keys we recommend retiring them and > +migrating to a new keypair of at least 3072 bits length. You can do > > is a no-go because we will have a hard to time to convice people that > this is just a geek suggestion and that for almost all general use of > gpg the existsing keys are still fine. Actually 2k keys are still > allowed in Germany for restricted communication and there is no need for > an immediate rush to 3k. I agree there is no immediate rush: the US guidance says they're safe until 2030. But for many years we advised people to use 2048-bit keys, now we're generating 3072-bit keys by default. At the very least the old guidance on 2048-bit keys needs to be dropped. Whether we explain it away as "we're now using 3072-bit keys by default, in order to get a long head start on 2048's obsolescence" or "we're going to be moving to ECC in the near future" matters little to me, but we need to explain the shift away from 2048. > I also wonder why you removed this > > -If you need more security than RSA-2048 offers, the way to go would be > -to switch to elliptical curve cryptography — not to continue using > -RSA. Because it raises an immediate question of, "then why does GnuPG default to RSA-3072, if the FAQ's guidance is past -2048 to use ECC?" The FAQ's statement collides with what GnuPG actually does. > That is a matter of minutes. I only had a brief look at it but I can't > see that your changes are subject to frequently asked questions here. There were three major changes: keyservers, key lengths, and an email address. All three existed in prior iterations of the FAQ. If you think they should be dropped, I'm all for that conversation, but please keep in mind that I'm not adding new subjects to the FAQ: in this pass I was updating existing content. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: FAQ October 2019 update
On Tue, 15 Oct 2019 15:17, Robert J. Hansen said: > * Every reference to the SKS keyserver network now points to > keys.openpgp.org. Reason: the SKS attacks a few months ago. I have to object against this change. The SKS server network is still useful and definitely more useful than an non-matured and centralized keyserver. I am okay with removing explicit reference to the SKS network for now but suggesting the use of that specific keyserver is a no-go. > * All references to 2048-bit crypto are updated to refer to 3072-bit > crypto. Reason: GnuPG now defaults to 3072-bit RSA. Okay. But this +your certificate uses 2048-bit keys we recommend retiring them and +migrating to a new keypair of at least 3072 bits length. You can do is a no-go because we will have a hard to time to convice people that this is just a geek suggestion and that for almost all general use of gpg the existsing keys are still fine. Actually 2k keys are still allowed in Germany for restricted communication and there is no need for an immediate rush to 3k. I also wonder why you removed this -If you need more security than RSA-2048 offers, the way to go would be -to switch to elliptical curve cryptography — not to continue using -RSA. GnuPG's future default is already ECC and some hosted mail services are already creating such keys. GnuPG will switch to that with 2.3 which is not that far away. > (Note: I just committed the FAQ changes. It may take a couple of days > for the documentation on the website to be regenerated.) That is a matter of minutes. I only had a brief look at it but I can't see that your changes are subject to frequently asked questions here. The GnuPG FAQ is for all GnuPG users and should not again start reflect the view of some crypto geeks or give advises which will lead only to trouble. I am sorry for having to write these harsh comments: In contrast to discussions on the mailing list the FAQ reflects the opinion of the GnuPG project and as such substantial changes need to be discussed first. I would suggest to create a branch and revert the changes in master until an agreement has been reached. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
FAQ October 2019 update
The last time I gave the FAQ a thorough read-and-review was in October 2017, so it was time for a review. I fought off the urge to rewrite the thing entirely -- I really don't like how it flows, but I view my job as maintainer is more about making minor incremental changes than total rewrites whenever the whim seizes me. Anyway, the major changes: * Every reference to the SKS keyserver network now points to keys.openpgp.org. Reason: the SKS attacks a few months ago. * All references to 2048-bit crypto are updated to refer to 3072-bit crypto. Reason: GnuPG now defaults to 3072-bit RSA. * PGPNET's email address has changed. ... Those were the high-priority changes that needed to be made. If anyone has other suggestions, speak up: I'm listening. :) (Note: I just committed the FAQ changes. It may take a couple of days for the documentation on the website to be regenerated.) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users