So to summarize, and please confirm or deny my understanding below,
comparing to 2.7.14build2 which is current noble release+updates:
- Assert-Pubkey-Algo reintroduces >= rsa1024 (was rsa2048), and allows more nist curves[1]. It's downgrading the RSA key size to 1024.
- there is no error whatsoever if an algorithm is not in the Pubkey-Algo list, correct? Just warnings.
- new levels are introduced: next, and future[2]. How can the user switch between them? I see after installing 2.8.3 that I have the default, next, and future levels, but it's not clear how "next" and "future" are to be used.
1. diff:
- Cnf.CndSet("APT::Key::Assert-Pubkey-Algo", ">=rsa2048,ed25519,ed448");
+ Cnf.CndSet("APT::Key::Assert-Pubkey-Algo",
">=rsa1024,ed25519,ed448,nistp256,nistp384,nistp512,brainpoolP256r1,brainpoolP320r1,brainpoolP384r1,brainpoolP512r1,secp256k1");
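Review bot: The new default lowers the RSA floor from >=rsa2048 to >=rsa1024 in the same line that adds the NIST, Brainpool and secp256k1 curves, so the change does more than widen curve support; if the goal is only to admit more curves, keep ">=rsa2048" as the first element of the default list and leave the 1024-bit relaxation to a separate, explicitly justified change.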
2. diff:
+ Cnf.CndSet("APT::Key::Assert-Pubkey-Algo::Next",
">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512");
+ Cnf.CndSet("APT::Key::Assert-Pubkey-Algo::Future",
">=rsa3072,ed25519,ed448");
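Review bot: Missing documentation: these lines define APT::Key::Assert-Pubkey-Algo::Next and ::Future but nothing in the visible hunk shows how a user or a repository selects one of these profiles over the default; a comment next to the two CndSet calls (or an apt.conf man page entry) stating which option switches the active profile would make the intent clear. Also, ::Next keeps >=rsa2048 while the plain default drops to >=rsa1024, so the relation between the three lists should be stated explicitly.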
https://bugs.launchpad.net/bugs/2073126
Title:
More nuanced public key algorithm revocation