Hi Steve--

On Fri 2018-09-28 17:28:07 -0700, Steve Langasek wrote:
> $ debsign -k01aa4a64 [...].changes
> Refusing to sign with short key ID '01aa4a64'!
> $ echo $?
> 1
> $
>
> Seriously?

Yep, seriously. Please specify the key you want to use unambiguously.

> What kind of collision attack involves injecting a PRIVATE KEY into my gpg
> keyring with the same short ID as the one I use for signing? If someone has
> write access to my private gpg keyring, I can think of a hundred other ways
> they could exploit that which don't involve pushing a fake private key to
> me, can't you?

please, help us enumerate exploits, because i suspect there are enough "fingers crossed, let's just run gpg --import on this blob" situations in debian and the rest of the ecosystem that yes, it's not impossible to imagine pushing a fake private key into someone's keyring.

I recognize that the security concern isn't super well-fleshed out here, but there is a robustness and confusion concern as well here. deprecating short key IDs everywhere is concretely useful because of its lack of ambiguity, in the same way that deprecating md5 everywhere is useful even though it's probably not strictly necessary in some cases. simple rules, clear guidance.

> So this provides no security benefit, and is hostile to the user.

I understand why you think this is user-hostile, and i'm sorry that you've had that experience. It is not intended to be hostile, though; it's intended to help us get to a world where short key IDs don't exist, and people can't be confused by them. I understand that you're sophisticated enough to untangle a mess from a colliding secret key that gets pushed into your secret keyring, but that's not the case for everyone.

> I memorize short IDs, and I use them, safely, with debsign -k when
> sponsoring uploads. I am not going to memorize long key IDs in
> response to this UX change; this is just going to make sponsorship
> more of a hassle for no reason.

I hear you, Steve. Your use case makes sense, and i want to help you make it work. Perhaps we can figure out another way to do what you're aiming to do that is even easier.

How many short IDs do you have memorized for use in this case? I personally put my full fingerprint in an environment variable that is easy to remember, so i can just do "-k $PGPID" without worrying about it.

anyway, i'm happy to brainstorm further for ways that we can streamline your use case, but it would be a shame to remove these unambiguous guardrails from debsign (or from dpkg-buildpackage, for that matter, which i think should now also be enforcing the same constraints).

Regards,

        --dkg
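The ambiguity discussed in this thread, as an added example that is not part of the original message and is not debsign's own code: it counts how many secret keys a key spec could refer to in a `gpg --with-colons` listing. The listing, both fingerprints, the `PGPID` value and all function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed, trimmed sample in `gpg --list-secret-keys --with-colons` form.
# Both keys are made up; they share the short key ID 01AA4A64.
SAMPLE_LISTING='sec:u:4096:1:1111222201AA4A64:1500000000:::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111222201AA4A64:
sec:-:2048:1:9999888801AA4A64:1530000000:::-:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB9999888801AA4A64:'

# Drop spaces and an optional 0x prefix, then uppercase the hex digits.
normalize_keyspec() {
    printf '%s' "$1" | tr -d ' ' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Succeed only for a full 40-hex-digit (v4) fingerprint.
is_full_fingerprint() {
    spec=$(normalize_keyspec "$1")
    case $spec in
        *[!0-9A-F]*) return 1 ;;
    esac
    [ "${#spec}" -eq 40 ]
}

# Print each primary-key fingerprint in listing $2 that ends with key spec $1.
matching_fingerprints() {
    spec=$(normalize_keyspec "$1")
    printf '%s\n' "$2" | awk -F: -v spec="$spec" '
        $1 == "sec" { primary = 1; next }
        $1 == "fpr" && primary {
            primary = 0
            fpr = toupper($10)
            if (spec != "" && length(fpr) >= length(spec) &&
                substr(fpr, length(fpr) - length(spec) + 1) == spec)
                print fpr
        }'
}

# Number of secret keys a key spec could refer to.
count_matches() {
    matching_fingerprints "$1" "$2" | awk 'END { print NR }'
}

PGPID='AAAA AAAA AAAA AAAA AAAA AAAA 1111 2222 01AA 4A64'   # constructed
for candidate in 01aa4a64 0x1111222201AA4A64 "$PGPID"; do
    if is_full_fingerprint "$candidate"; then kind=fingerprint; else kind=key-ID; fi
    echo "$candidate ($kind): $(count_matches "$candidate" "$SAMPLE_LISTING") match(es)"
done
```

Only primary-key fingerprints are compared here; subkey records are skipped.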