[FOSDEM] Keysigning: please submit your keys

Philip Paeps philip at fosdem.org
Thu Dec 23 15:28:29 CET 2010


On 2010-12-23 07:41:01 (-0600), Tom Marble <tmarble at info9.net> wrote:
> On 12/21/2010 09:17 AM, Philip Paeps wrote:
> > The keysigning infrastructure seems to have held up well this year.  I
> > spent some time today preparing the infrastructure for FOSDEM 2011.
>
> As you are now promoting the KSP here (and on twitter)

Ehm, I'm not promoting anything on twitter.  I don't believe in systems that
are designed for more overhead than data.  I hope whoever is sending stuff to
twitter is not doing so in my name.  When in doubt, only this mailing list is
authoritative.

> allow me to suggest that the KSP organizers recommend that attendees
> consider generating stronger 4096 RSA keys [0] if they have not already and
> double check the GPG configuration for signature strength SHA-512 [1][2][3].
> 
> In preparing for the Debconf 10 KSP [4] several resources were assembled to
> help in this process [5][6].  I created a small program, kspsig, to help
> verify signature strength [7].

The keyserver could probably be modified to reject weak keys.  Alternatively,
I could also run a cronjob over the submitted keys nightly and email the UIDs
if the keys are weak.

I'll take a look at your program.

 - Philip

-- 
Philip Paeps                                    Please don't Cc me, I am
philip at fosdem.org                                subscribed to the list.



More information about the FOSDEM mailing list