GPG key migration and application compatibility testing

Registered by Kees Cook on 2010-04-27

Review what is needed for successful GPG key migrations, including client applications.

Blueprint information

Status:
Complete
Approver:
Kees Cook
Priority:
Medium
Drafter:
Kees Cook
Direction:
Needs approval
Assignee:
Kees Cook
Definition:
Approved
Series goal:
Accepted for maverick
Implementation:
Implemented
Milestone target:
milestone icon ubuntu-10.10
Started by
Kees Cook on 2010-09-27
Completed by
Kees Cook on 2010-09-30

Related branches

Sprints

Whiteboard

Will be handled either during roundtables at UDS or over email. Decide how to deal with potential key migration to new defaults.

Circa 2000 defaults:
     1024 DSA
     Cipher: 3DES
     Digest: SHA1
     Compression: ZIP, Uncompressed

Circa 2003 defaults:
     1024 DSA
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA1, SHA256, RIPEMD160
     Compression: ZLIB, BZIP2, ZIP, Uncompressed

Circa 2010 defaults:
     2048 RSA
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA256, SHA1, SHA384, SHA512, SHA224
     Compression: ZLIB, BZIP2, ZIP, Uncompressed

http://www.debian-administration.org/users/dkg/weblog/48
Potential full-strength:
     4096 RSA
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed

Applications of unknown sanity:
 * evolution
 * thunderbird

Documentation page started at https://wiki.ubuntu.com/SecurityTeam/GPGMigration

Work items:
[mdeslaur] evaluate evolution's ability to verify and sign SHA2-family messages: DONE
[mdeslaur] document the outcome of evolution SHA2 evaluations in wiki: DONE
[mdeslaur] SRU evolution SHA2 patches to lucid: POSTPONED
[kees] evaluate thunderbird's ability to verify and sign SHA2-family messages: DONE
[kees] document the outcome of thunderbird SHA2 evaluations in wiki: DONE
[sbeattie] evaluate mutt's ability to verify and sign SHA2-family messages: DONE
[sbeattie] document the outcome of mutt SHA2 evaluations in wiki: DONE
[jdstrand] evaluate kmail's ability to verify and sign SHA2-family messages: DONE
[jdstrand] document the outcome of kmail SHA2 evaluations in wiki: DONE
[sbeattie] evaluate gmail's ability to verify and sign SHA2-family messages: DONE
[sbeattie] document the outcome of gmail SHA2 evaluations in wiki: DONE
[kees] document recommendation for GPG key migration: DONE
[kees] migrate personal GPG key (http://outflux.net/key-transition-2010-09-27-kees.txt): DONE
[jdstrand] migrate personal GPG key (http://www.strandboge.com/jamie/key-transition-2010-09-30-jdstrand.txt): DONE
[mdeslaur] migrate personal GPG key (http://people.canonical.com/~mdeslaur/key-transition-2010-09-30-mdeslaur.txt): DONE
[sbeattie] migrate personal GPG key (http://www.nxnw.org/~steve/key-transition-2010-06-08-sbeattie.txt): DONE

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.