Re: kernel.org status: establishing a PGP web of trust

From: Ted Ts'o
Date: Tue Oct 04 2011 - 00:49:21 EST


On Mon, Oct 03, 2011 at 03:56:52PM -0700, Josh Triplett wrote:
>
> Same question here. I have a key, which has already accumulated some
> signatures, and I feel confident that key remains secure, along with the
> one and only system that key lives on. I have a revocation certificate
> prepared for that key in a secure location, though I'd certainly welcome
> an escrow service from kernel.org as long as that service only stored
> encrypted documents to which only the key owner had the passphrase. I
> don't see any need to generate an entirely new key in a hurry.
> Certainly transitioning to larger and algorithmically better keys over
> time seems like a good idea, but given the nature of the kernel.org
> compromise, immediate concerns about the strength of GPG keys seem much
> less warranted than concerns about the security of the systems they live
> on.

This is what I did. I generated a new key a year ago, which has never
left my laptop. I accumulated keys at linux.conf.au, and after I get
more signatures at the KS in Prague, my intention is to gradually
transition from the key generated in 1997, which has been used to sign
all of my Debian packages and e2fsprogs releases, to my new key.

But that's only because I'm reasonably confident I can trust my new
key, and I did a very careful examination of my laptop looking for
signs that my machines might have been penetrated --- before I
reinstalled it and my desktop at the same time, and initiated a full
password change cycle. (Yes, that's paranoia. With security, the
question is always, "are you paranoid *enough*"?)

Note that if your laptop allows incoming ssh connections, and you
logged into master.kernel.org with ssh forwarding enabled, your laptop
may not be safe. So be very, very careful before you assume that your
laptop is safe. At least one kernel developer, after he got past the
belief, "surely I could have never had my machine be compromised",
looked carefully and found rootkits on his machines.

- Ted