GPG key migration and application compatibility testing

Registered by Kees Cook

Review what is needed for successful GPG key migrations, including client applications.

Blueprint information

Status:
Complete
Approver:
Kees Cook
Priority:
Medium
Drafter:
Kees Cook
Direction:
Needs approval
Assignee:
Kees Cook
Definition:
Approved
Series goal:
Accepted for maverick
Implementation:
Implemented
Milestone target:
milestone icon ubuntu-10.10
Started by
Kees Cook
Completed by
Kees Cook

Related branches

Sprints

Whiteboard

Will be handled either during roundtables at UDS or over email. Decide how to deal with potential key migration to new defaults.

Circa 2000 defaults:
     1024 DSA
     Cipher: 3DES
     Digest: SHA1
     Compression: ZIP, Uncompressed

Circa 2003 defaults:
     1024 DSA
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA1, SHA256, RIPEMD160
     Compression: ZLIB, BZIP2, ZIP, Uncompressed

Circa 2010 defaults:
     2048 RSA
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA256, SHA1, SHA384, SHA512, SHA224
     Compression: ZLIB, BZIP2, ZIP, Uncompressed

http://www.debian-administration.org/users/dkg/weblog/48
Potential full-strength:
     4096 RSA
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed

Applications of unknown sanity:
 * evolution
 * thunderbird

Documentation page started at https://wiki.ubuntu.com/SecurityTeam/GPGMigration

Work items:
[mdeslaur] evaluate evolution's ability to verify and sign SHA2-family messages: DONE
[mdeslaur] document the outcome of evolution SHA2 evaluations in wiki: DONE
[mdeslaur] SRU evolution SHA2 patches to lucid: POSTPONED
[kees] evaluate thunderbird's ability to verify and sign SHA2-family messages: DONE
[kees] document the outcome of thunderbird SHA2 evaluations in wiki: DONE
[sbeattie] evaluate mutt's ability to verify and sign SHA2-family messages: DONE
[sbeattie] document the outcome of mutt SHA2 evaluations in wiki: DONE
[jdstrand] evaluate kmail's ability to verify and sign SHA2-family messages: DONE
[jdstrand] document the outcome of kmail SHA2 evaluations in wiki: DONE
[sbeattie] evaluate gmail's ability to verify and sign SHA2-family messages: DONE
[sbeattie] document the outcome of gmail SHA2 evaluations in wiki: DONE
[kees] document recommendation for GPG key migration: DONE
[kees] migrate personal GPG key (http://outflux.net/key-transition-2010-09-27-kees.txt): DONE
[jdstrand] migrate personal GPG key (http://www.strandboge.com/jamie/key-transition-2010-09-30-jdstrand.txt): DONE
[mdeslaur] migrate personal GPG key (http://people.canonical.com/~mdeslaur/key-transition-2010-09-30-mdeslaur.txt): DONE
[sbeattie] migrate personal GPG key (http://www.nxnw.org/~steve/key-transition-2010-06-08-sbeattie.txt): DONE

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.