[Bug 1461834] Re: 1024-bit signing keys should be deprecated

Colin Watson cjwatson at canonical.com
Fri Jan 17 23:07:54 UTC 2020 

** Description changed:

- 1024-bit RSA เลิกใช้แล้วเมื่อหลายปีก่อนโดย NIST [1], Microsoft [2]
- และอื่น ๆ เมื่อไม่นานมานี้ [3]
+ 1024-bit RSA was deprecated  years ago by NIST[1], Microsoft[2] and more
+ recently by others[3].
  
- คีย์การลงชื่อ 1024
- บิตไม่เพียงพอที่จะรับประกันความถูกต้องของซอฟต์แวร์ที่แจกจ่ายจาก
- Launchpad.net รวมถึง PPA
- ควรมีกลไกในการปฏิเสธการเซ็นชื่อคีย์ด้านล่างความยาวคีย์ต่ำสุดตามชนิดของคีย์
- คีย์การเซ็นชื่อ 1024 บิตควรเลิกใช้แล้วนำออกจาก Launchpad.net
- โดยเร็วที่สุด โครงการในอนาคตและ PPAs ควรถูกห้ามไม่ให้ใช้คีย์การลงชื่อ
- 1024 บิต
+ 1024-bit signing keys are insufficient to guarantee the authenticity of
+ software distributed from Launchpad.net including PPAs. There should be
+ a mechanism to refuse signing keys below a minimum key length based on
+ key type. 1024-bit signing keys should be deprecated and removed from
+ Launchpad.net itself ASAP.  Future projects and PPAs should be
+ disallowed from using 1024-bit signing keys.
  
  1. http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
  2. http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx
  3. https://threatpost.com/mozilla-1024-bit-cert-deprecation-leaves-107000-sites-untrusted/108114

** Changed in: launchpad
     Assignee: wachirapranee tesprasit (tatar28) => (unassigned)

** Changed in: apt (Ubuntu)
     Assignee: wachirapranee tesprasit (tatar28) => (unassigned)

** Changed in: gnupg2 (Ubuntu)
     Assignee: wachirapranee tesprasit (tatar28) => (unassigned)

** Changed in: launchpad
       Status: Fix Released => New

** Changed in: apt (Ubuntu)
       Status: Fix Released => Invalid

** Changed in: gnupg2 (Ubuntu)
       Status: Fix Released => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg2 in Ubuntu.
https://bugs.launchpad.net/bugs/1461834

Title:
  1024-bit signing keys should be deprecated

Status in Launchpad itself:
  New
Status in apt package in Ubuntu:
  Invalid
Status in gnupg2 package in Ubuntu:
  Confirmed

Bug description:
  1024-bit RSA was deprecated  years ago by NIST[1], Microsoft[2] and
  more recently by others[3].

  1024-bit signing keys are insufficient to guarantee the authenticity
  of software distributed from Launchpad.net including PPAs. There
  should be a mechanism to refuse signing keys below a minimum key
  length based on key type. 1024-bit signing keys should be deprecated
  and removed from Launchpad.net itself ASAP.  Future projects and PPAs
  should be disallowed from using 1024-bit signing keys.

  1. http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
  2. http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx
  3. https://threatpost.com/mozilla-1024-bit-cert-deprecation-leaves-107000-sites-untrusted/108114

To manage notifications about this bug go to:
https://bugs.launchpad.net/launchpad/+bug/1461834/+subscriptions

More information about the foundations-bugs mailing list