[Bug 1461834] Re: 1024-bit signing keys should be deprecated
Bob Freeman
bobfreeman at nycmail.com
Sat May 6 16:37:22 UTC 2017
Launchpad could *automatically* create a mirror of any PPA that still
uses a 1024 bit key, with a standard suffix to the name, eg xyzppa gets
mirrored as xyzppa-newkey. It could then link to it from the page for
the original PPA. It would always have all the same source, built files
and other content, and the content would only need to be stored once on
the server. It would just be a different way of accessing the same PPA.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1461834
Title:
1024-bit signing keys should be deprecated
Status in Launchpad itself:
New
Status in apt package in Ubuntu:
Confirmed
Bug description:
1024-bit RSA was deprecated years ago by NIST[1], Microsoft[2] and
more recently by others[3].
1024-bit signing keys are insufficient to guarantee the authenticity
of software distributed from Launchpad.net including PPAs. There
should be a mechanism to refuse signing keys below a minimum key
length based on key type. 1024-bit signing keys should be deprecated
and removed from Launchpad.net itself ASAP. Future projects and PPAs
should be disallowed from using 1024-bit signing keys.
1. http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
2. http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx
3. https://threatpost.com/mozilla-1024-bit-cert-deprecation-leaves-107000-sites-untrusted/108114
To manage notifications about this bug go to:
https://bugs.launchpad.net/launchpad/+bug/1461834/+subscriptions
More information about the foundations-bugs
mailing list