Ubuntu

GPG key migration and application compatibility testing

Registered by Kees Cook on 2010-04-27

Review what is needed for successful GPG key migrations, including client applications.

Blueprint information

Status:: Complete

Approver:: Kees Cook

Priority:: Medium

Drafter:: Kees Cook

Direction:: Needs approval

Assignee:: Kees Cook

Definition:: Approved

Series goal:: Accepted for maverick

Implementation:: Implemented

Milestone target:: ubuntu-10.10

Started by: Kees Cook on 2010-09-27

Completed by: Kees Cook on 2010-09-30

Related branches

Related bugs

Sprints

uds-m

Whiteboard

Will be handled either during roundtables at UDS or over email. Decide how to deal with potential key migration to new defaults.

Circa 2000 defaults:
     1024 DSA
     Cipher: 3DES
     Digest: SHA1
     Compression: ZIP, Uncompressed

Circa 2003 defaults:
     1024 DSA
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA1, SHA256, RIPEMD160
     Compression: ZLIB, BZIP2, ZIP, Uncompressed

Circa 2010 defaults:
     2048 RSA
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA256, SHA1, SHA384, SHA512, SHA224
     Compression: ZLIB, BZIP2, ZIP, Uncompressed

http://www.debian-administration.org/users/dkg/weblog/48
Potential full-strength:
     4096 RSA
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed

Applications of unknown sanity:
* evolution
* thunderbird

Documentation page started at https://wiki.ubuntu.com/SecurityTeam/GPGMigration

Work items:
[mdeslaur] evaluate evolution's ability to verify and sign SHA2-family messages: DONE
[mdeslaur] document the outcome of evolution SHA2 evaluations in wiki: DONE
[mdeslaur] SRU evolution SHA2 patches to lucid: POSTPONED
[kees] evaluate thunderbird's ability to verify and sign SHA2-family messages: DONE
[kees] document the outcome of thunderbird SHA2 evaluations in wiki: DONE
[sbeattie] evaluate mutt's ability to verify and sign SHA2-family messages: DONE
[sbeattie] document the outcome of mutt SHA2 evaluations in wiki: DONE
[jdstrand] evaluate kmail's ability to verify and sign SHA2-family messages: DONE
[jdstrand] document the outcome of kmail SHA2 evaluations in wiki: DONE
[sbeattie] evaluate gmail's ability to verify and sign SHA2-family messages: DONE
[sbeattie] document the outcome of gmail SHA2 evaluations in wiki: DONE
[kees] document recommendation for GPG key migration: DONE
[kees] migrate personal GPG key (http://outflux.net/key-transition-2010-09-27-kees.txt): DONE
[jdstrand] migrate personal GPG key (http://www.strandboge.com/jamie/key-transition-2010-09-30-jdstrand.txt): DONE
[mdeslaur] migrate personal GPG key (http://people.canonical.com/~mdeslaur/key-transition-2010-09-30-mdeslaur.txt): DONE
[sbeattie] migrate personal GPG key (http://www.nxnw.org/~steve/key-transition-2010-06-08-sbeattie.txt): DONE

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

Colin Watson

Jamie Strandboge

Johan Kiviniemi

Kees Cook

Marc Deslauriers

Steve Beattie