On Wed, Dec 11, 2024 at 1:16 PM Bruno Haible via Gnulib discussion list <bug-gnulib@gnu.org> wrote:
> > [...]
> > if I got your PGP
> > key a couple of years ago and still have it locally, your newly made
> > signature will verify against it. I wouldn't fetch your key on every
> > verification attempt. It is only when keys are rotated that I need to
> > make a new trust decision. If you continue to use your key for a
> > couple of years, I will gain trust over time by seeing your continued
> > use of that key.
>
> Is this merely a theoretical consideration, or is it an actual practical
> one? That is, is there someone (at Debian, or at some other distro) who
> will check whether the GPG keys which signed the latest libunistring and
> gettext releases are the same?

Key continuity is a very desirable security property. Pinning is built into SSH (that's the TOFU prompt when connecting to a new machine). It is also the reason one performs pinning in protocols like HTTPS.

Gratuitous key rotation, like the CAs and Browsers are moving towards, is a disaster for security. It breaks pinning, which is a very strong security control.

Peter Gutmann discusses the topics in depth in his book Engineering Security, <https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf>. Gutmann provides lots of citations to conference papers and security usability studies.

Jeff
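
Added example, not part of the original message: a minimal trust-on-first-use check of the kind discussed above, which pins the primary-key fingerprint that signed a project's release and reports when a later release is signed by a different key. It assumes the status text comes from `gpg --status-fd 1 --verify`; the pin-file layout, function names, and fingerprints are constructed for illustration.

```python
import json
from pathlib import Path

def signer_fingerprint(status_output):
    """Return the pinned identity from a '[GNUPG:] VALIDSIG' status line, or None."""
    for line in status_output.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "[GNUPG:]" and parts[1] == "VALIDSIG":
            # parts[2] is the key that made the signature (often a subkey).
            # The tenth VALIDSIG argument, when present, is the primary-key
            # fingerprint, which stays stable across subkey rotation.
            return parts[11] if len(parts) >= 12 else parts[2]
    return None  # no valid signature was reported

def check_continuity(pin_file, project, status_output):
    """Compare the signer with the stored pin.

    Returns 'no-valid-signature', 'first-use', 'match' or 'changed'.
    """
    fpr = signer_fingerprint(status_output)
    if fpr is None:
        return "no-valid-signature"
    path = Path(pin_file)
    pins = json.loads(path.read_text()) if path.exists() else {}
    pinned = pins.get(project)
    if pinned is None:
        # Trust on first use: record the key seen for this project.
        pins[project] = fpr
        path.write_text(json.dumps(pins, indent=2))
        return "first-use"
    # A changed key is never pinned automatically; it needs a human decision.
    return "match" if pinned == fpr else "changed"

def sample_status(fpr):
    """Constructed status output in the shape gpg emits for a good signature."""
    return (
        "[GNUPG:] NEWSIG\n"
        f"[GNUPG:] GOODSIG {fpr[-16:]} Example Maintainer <maintainer@example.org>\n"
        f"[GNUPG:] VALIDSIG {fpr} 2024-12-11 1733900000 0 4 0 1 10 00 {fpr}\n"
    )

OLD_KEY = "A" * 40  # constructed fingerprint, not a real key
NEW_KEY = "B" * 40  # constructed fingerprint, not a real key
```

The 'changed' result leaves the stored pin untouched, so a rotated or substituted key keeps being flagged until someone verifies it out of band and updates the pin file.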