[FOSDEM] Keysigning: please submit your keys
Philip Paeps
philip at fosdem.org
Thu Dec 23 15:28:29 CET 2010
On 2010-12-23 07:41:01 (-0600), Tom Marble <tmarble at info9.net> wrote:
> On 12/21/2010 09:17 AM, Philip Paeps wrote:
> > The keysigning infrastructure seems to have held up well this year. I
> > spent some time today preparing the infrastructure for FOSDEM 2011.
>
> As you are now promoting the KSP here (and on twitter)
Ehm, I'm not promoting anything on twitter. I don't believe in systems that
are designed for more overhead than data. I hope whoever is sending stuff to
twitter is not doing so in my name. When in doubt, only this mailing list is
authoritative.
> allow me to suggest that the KSP organizers recommend that attendees
> consider generating stronger 4096 RSA keys [0] if they have not already and
> double check the GPG configuration for signature strength SHA-512 [1][2][3].
>
> In preparing for the Debconf 10 KSP [4] several resources were assembled to
> help in this process [5][6]. I created a small program, kspsig, to help
> verify signature strength [7].
The keyserver could probably be modified to reject weak keys. Alternatively,
I could also run a cronjob over the submitted keys nightly and email the UIDs
if the keys are weak.
I'll take a look at your program.
- Philip
--
Philip Paeps Please don't Cc me, I am
philip at fosdem.org subscribed to the list.
The content of all messages is the sole responsibility of the author.
More information about the FOSDEM
mailing list