** Description changed:

- APT 2.9.x and 2.8.0 revoke any of the non-asserted algorithms, we should
- modify the mechanism such that only RSA1024 is raised to an error to
- avoid unwanted regressions while still keeping the set of fully
- supported algorithms small.
+ [Impact]
+ We have received feedback from users that use NIST-P256 keys for their 
repositories that are upset about receiving a warning. APT 2.8.0 in 
noble-proposed would bump the warning to an error, breaking them.
+ 
+ [Solution]
+ Hence we will restore all elliptic curve keys of 256 or more bit to trusted:
+ 
+     APT::Key::Assert-Pubkey-Algo
+ 
">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512,brainpoolP256r1,brainpoolP320r1,brainpoolP384r1,brainpoolP512r1,secp256k1";
+ 
+ 
+ At the same time we will also introduce a more nuanced approach to 
revocations by introducing a 'next' level that issues a warning if the key is 
not allowed in it and a 'future' level that will issue an audit message with 
the --audit option.
+ 
+ For the next level, we will set it to:
+ 
+     ">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512"
+ 
+ This means we restrict warnings to Brainpool curves and the secp256k1
+ key, which we have not received any feedback about them being used yet.
+ 
+ For the future level, we will take a strong approach to best practices
+ as it is only seen when explictly running with --audit and the intention
+ is to highlight best practices. It will be set to
+ 
+    ">=rsa3072,ed25519,ed448";
+ 
+ Which corresponds to the NIST recommendations for 2031 (and as little
+ curves as possible)
+ 
+ [Test plan]
+ Tests are included in the library unit tests for parsing the specification 
strings; we have also included a test for the gpgv method to ensure that it 
produces the correct outcome for both 'next' and 'future' revoked keys.
+ 
+ A spot check with a 1024-bit RSA repository and a 4096 RSA repository
+ would still be nice.
+ 
+ 
+ [Where problems could occur]
+ There could of course be bugs in the implementation of the new feature; this 
could result in verification of files failing. This also happens if you specify 
an invalid `next` or `future` string.
+ 
+ There cannot be any false positives: The new levels are only
+ *additional* checks, anything not in the `Assert-Pubkey-Algo` list is
+ still revoked.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2073126

Title:
  More nuanced public key algorithm revocation

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2073126/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to