touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #92932
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
Launchpad has used 4096-bit RSA keys for new PPAs since bug #1240681 was
fixed. Allowing PPA owners to replace the old 1024-bit keys is bug
#1331914.
** No longer affects: launchpad
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1461834
Title:
1024-bit signing keys should be deprecated
Status in apt package in Ubuntu:
Confirmed
Bug description:
1024-bit RSA was deprecated years ago by NIST[1], Microsoft[2] and
more recently by others[3].
1024-bit signing keys are insufficient to guarantee the authenticity
of software distributed from Launchpad.net including PPAs. There
should be a mechanism to refuse signing keys below a minimum key
length based on key type. 1024-bit signing keys should be deprecated
and removed from Launchpad.net itself ASAP. Future projects and PPAs
should be disallowed from using 1024-bit signing keys.
1. http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
2. http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx
3. https://threatpost.com/mozilla-1024-bit-cert-deprecation-leaves-107000-sites-untrusted/108114
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1461834/+subscriptions