| 2024-02-27 16:25:12 |
Julian Andres Klode |
bug |
|
|
added bug |
| 2024-02-27 16:25:44 |
Julian Andres Klode |
description |
I don't know if this will land before the feature freeze but I'm filing this in any case:
Our goal for 24.04 is to reject 1024-bit RSA repository signing keys. Work is ongoing in Launchpad to allow dual-signing PPAs and then resign all PPAs with a 4096-bit key.
This needs the following changes:
1) The gnupg upstream commit for https://dev.gnupg.org/T6946 needs to be backported
2) APT needs to learn to pass the argument if supported
3) APT needs to learn to interpret the output
4) APT possibly may have to learn to issue warnings instead of errors for weak keys and pass the URL to the gpgv method to allow 1024-bit RSA keys over TLS connections, in case there are unforeseen issues with the PPA migration.
Signing key policy: We would like to adopt a signing key policy of
rsa>2048,ed25519,ed448
As a result we would like to reject
- RSA keys below 2048 bits
- DSA keys
- Unsafe ECC keys:
- NIST P-{256,384,521}
- Brainpool P-{256,384,512}
- secp256k1
Notes:
- DSA keys are not possible to use anymore due to the deprecation of SHA1 that happened years ago
- NIST and Brainpool and secp256k1 are not very popular, https://safecurves.cr.yp.to/ lists all of them as unsafe. It is believed they have backdoors. Some FIPS customers may prefer them over Ed25519 and Ed448 as they have been approved longer, so it's possible fips support packages could reenable them by setting the correct apt.conf setting in a snippet. |
I don't know if this will land before the feature freeze but I'm filing this in any case:
Our goal for 24.04 is to reject 1024-bit RSA repository signing keys. Work is ongoing in Launchpad to allow dual-signing PPAs and then resign all PPAs with a 4096-bit key.
This needs the following changes:
1) The gnupg upstream commit for https://dev.gnupg.org/T6946 needs to be backported. This is applying fine and in the package already, but the test suite fails with issues that look weirdly unrelated.
2) APT needs to learn to pass the argument if supported
3) APT needs to learn to interpret the output
4) APT possibly may have to learn to issue warnings instead of errors for weak keys and pass the URL to the gpgv method to allow 1024-bit RSA keys over TLS connections, in case there are unforeseen issues with the PPA migration.
Signing key policy: We would like to adopt a signing key policy of
rsa>2048,ed25519,ed448
As a result we would like to reject
- RSA keys below 2048 bits
- DSA keys
- Unsafe ECC keys:
- NIST P-{256,384,521}
- Brainpool P-{256,384,512}
- secp256k1
Notes:
- DSA keys are not possible to use anymore due to the deprecation of SHA1 that happened years ago
- NIST and Brainpool and secp256k1 are not very popular, https://safecurves.cr.yp.to/ lists all of them as unsafe. It is believed they have backdoors. Some FIPS customers may prefer them over Ed25519 and Ed448 as they have been approved longer, so it's possible fips support packages could reenable them by setting the correct apt.conf setting in a snippet. |
|
| 2024-02-27 16:25:49 |
Julian Andres Klode |
bug task added |
|
gnupg (Ubuntu) |
|
| 2024-02-27 16:27:26 |
Julian Andres Klode |
description |
I don't know if this will land before the feature freeze but I'm filing this in any case:
Our goal for 24.04 is to reject 1024-bit RSA repository signing keys. Work is ongoing in Launchpad to allow dual-signing PPAs and then resign all PPAs with a 4096-bit key.
This needs the following changes:
1) The gnupg upstream commit for https://dev.gnupg.org/T6946 needs to be backported. This is applying fine and in the package already, but the test suite fails with issues that look weirdly unrelated.
2) APT needs to learn to pass the argument if supported
3) APT needs to learn to interpret the output
4) APT possibly may have to learn to issue warnings instead of errors for weak keys and pass the URL to the gpgv method to allow 1024-bit RSA keys over TLS connections, in case there are unforeseen issues with the PPA migration.
Signing key policy: We would like to adopt a signing key policy of
rsa>2048,ed25519,ed448
As a result we would like to reject
- RSA keys below 2048 bits
- DSA keys
- Unsafe ECC keys:
- NIST P-{256,384,521}
- Brainpool P-{256,384,512}
- secp256k1
Notes:
- DSA keys are not possible to use anymore due to the deprecation of SHA1 that happened years ago
- NIST and Brainpool and secp256k1 are not very popular, https://safecurves.cr.yp.to/ lists all of them as unsafe. It is believed they have backdoors. Some FIPS customers may prefer them over Ed25519 and Ed448 as they have been approved longer, so it's possible fips support packages could reenable them by setting the correct apt.conf setting in a snippet. |
I don't know if this will land before the feature freeze but I'm filing this in any case:
Our goal for 24.04 is to reject 1024-bit RSA repository signing keys. Work is ongoing in Launchpad to allow dual-signing PPAs and then resign all PPAs with a 4096-bit key.
This needs the following changes:
1) The gnupg upstream commit for https://dev.gnupg.org/T6946 needs to be backported. This is applying fine and in the package already, but the test suite fails with issues that look weirdly unrelated.
2) APT needs to learn to pass the argument if supported
3) APT needs to learn to interpret the output
4) APT possibly may have to learn to issue warnings instead of errors for weak keys and pass the URL to the gpgv method to allow 1024-bit RSA keys over TLS connections, in case there are unforeseen issues with the PPA migration.
Signing key policy: We would like to adopt a signing key policy of
rsa>2048,ed25519,ed448
As a result we would like to reject
- RSA keys below 2048 bits
- DSA keys
- Unsafe ECC keys:
- NIST P-{256,384,521}
- Brainpool P-{256,384,512}
- secp256k1
Notes:
- DSA keys are not possible to use anymore due to the deprecation of SHA1 that happened years ago
- NIST and Brainpool and secp256k1 are not very popular, https://safecurves.cr.yp.to/ lists all of them as unsafe. It is believed they have backdoors. Some FIPS customers may prefer them over Ed25519 and Ed448 as they have been approved longer, so it's possible fips support packages could reenable them by setting the correct apt.conf setting in a snippet.
Timing wrt feature freeze and launchpad changes:
Launchpad changes won't be landing before feature freeze and it will take some more weeks to resign the repositories, hence we need to do uploads after FF to enable the error by default even if we ship the functionality before it. |
|
| 2024-02-28 14:32:05 |
Julian Andres Klode |
gnupg (Ubuntu): status |
New |
Fix Committed |
|
| 2024-02-28 14:32:21 |
Julian Andres Klode |
affects |
gnupg (Ubuntu) |
gnupg2 (Ubuntu) |
|
| 2024-03-13 11:48:50 |
Julian Andres Klode |
apt (Ubuntu): status |
New |
Fix Committed |
|
| 2024-03-28 07:50:25 |
Launchpad Janitor |
gnupg2 (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2024-03-28 07:58:07 |
Launchpad Janitor |
apt (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2024-08-13 14:19:38 |
Julian Andres Klode |
summary |
[FFe] APT 24.04 crypto policy update |
APT 24.04 crypto policy update |
|
