GPG key migration and application compatibility testing
Review what is needed for successful GPG key migrations, including client applications.
Blueprint information
Whiteboard
Will be handled either during roundtables at UDS or over email. Decide how to deal with potential key migration to new defaults.
Circa 2000 defaults:
1024 DSA
Cipher: 3DES
Digest: SHA1
Compression: ZIP, Uncompressed
Circa 2003 defaults:
1024 DSA
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA1, SHA256, RIPEMD160
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Circa 2010 defaults:
2048 RSA
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA256, SHA1, SHA384, SHA512, SHA224
Compression: ZLIB, BZIP2, ZIP, Uncompressed
http://
Potential full-strength:
4096 RSA
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Applications of unknown sanity:
* evolution
* thunderbird
Documentation page started at https:/
Work items:
[mdeslaur] evaluate evolution's ability to verify and sign SHA2-family messages: DONE
[mdeslaur] document the outcome of evolution SHA2 evaluations in wiki: DONE
[mdeslaur] SRU evolution SHA2 patches to lucid: POSTPONED
[kees] evaluate thunderbird's ability to verify and sign SHA2-family messages: DONE
[kees] document the outcome of thunderbird SHA2 evaluations in wiki: DONE
[sbeattie] evaluate mutt's ability to verify and sign SHA2-family messages: DONE
[sbeattie] document the outcome of mutt SHA2 evaluations in wiki: DONE
[jdstrand] evaluate kmail's ability to verify and sign SHA2-family messages: DONE
[jdstrand] document the outcome of kmail SHA2 evaluations in wiki: DONE
[sbeattie] evaluate gmail's ability to verify and sign SHA2-family messages: DONE
[sbeattie] document the outcome of gmail SHA2 evaluations in wiki: DONE
[kees] document recommendation for GPG key migration: DONE
[kees] migrate personal GPG key (http://
[jdstrand] migrate personal GPG key (http://
[mdeslaur] migrate personal GPG key (http://
[sbeattie] migrate personal GPG key (http://