Re: rpm with sequoia pgp

On Mon, 05 Sep 2022 10:12:23 +0200,
Alexander Sosedkin wrote:
> Mind the
> https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies
> 
> Will we need to introduce a configuration mechanism to limit algorithm
> selection in Sequoia PGP? Or just wait until it switches to OpenSSL?

Good question.

Sequoia has a flexible mechanism to describe its cryptographic policy:

  https://docs.sequoia-pgp.org/sequoia_openpgp/policy/struct.StandardPolicy.html

There isn't yet a way to configure it using a configuration file, but
that is doable.  Here's the issue, fwiw:

  https://gitlab.com/sequoia-pgp/sequoia/-/issues/857

One potential issue is that OpenPGP fingerprints are computed using
SHA-1.  In practice this is not a security problem as fingerprints
don't need collision resistance, just second pre-image resistance,
which SHA-1 still has.

The upcoming version of the OpenPGP specification specifies SHA2
256-based fingerprints

  https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.4

But we won't be able to switch immediately: users would have to create
new certificates, and old certificates would have to fall out of use.

Neal
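
The two fingerprint constructions mentioned in the message above, as an added example that is not part of the original e-mail and is not Sequoia's code. The key material is constructed (not a real key), and the version 5 layout (0x9A prefix, four-octet lengths) is an assumption based on a reading of the linked crypto-refresh draft.

```python
import hashlib
import struct

# Constructed Ed25519-style key material: curve OID followed by one MPI.
# The 32 "key" bytes are a counting pattern, not a real public key.
ED25519_OID = bytes.fromhex("092b06010401da470f01")
KEY_MATERIAL = ED25519_OID + struct.pack(">H", 263) + b"\x40" + bytes(range(32))


def key_packet_body(version, created, algo, key_material=KEY_MATERIAL):
    """Serialize the public-key packet body, i.e. the bytes a fingerprint covers."""
    body = struct.pack(">BIB", version, created, algo)
    if version == 5:
        # Assumption from the draft: v5 adds a four-octet count of the key material.
        body += struct.pack(">I", len(key_material))
    return body + key_material


def fingerprint(body):
    """Compute the fingerprint for a v4 (SHA-1) or v5 (SHA2-256) packet body."""
    version = body[0]
    if version == 4:
        # 0x99, two-octet body length, body -> 20-byte SHA-1 digest
        return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()
    if version == 5:
        # 0x9A, four-octet body length, body -> 32-byte SHA2-256 digest
        return hashlib.sha256(b"\x9a" + struct.pack(">I", len(body)) + body).digest()
    raise ValueError(f"unsupported key version {version}")


def key_id(body):
    """v4 key IDs are the low 64 bits of the fingerprint; v5 uses the high 64 bits."""
    fp = fingerprint(body)
    return fp[-8:] if body[0] == 4 else fp[:8]


if __name__ == "__main__":
    created = 1662365543  # constructed timestamp
    for version in (4, 5):
        body = key_packet_body(version, created, 22)
        print(f"v{version} fingerprint: {fingerprint(body).hex().upper()}")
        print(f"v{version} key ID:      {key_id(body).hex().upper()}")
```

Because the fingerprint covers the whole packet body, an attacker who wants to impersonate an existing certificate has to find a second input with the same digest, which is the second pre-image setting the message refers to.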