Project

General

Profile

Bug #16327

Certify the key of tails-{fundraising,mirrors,sysadmins}@boum.org with the signing key

Added by sajolida 10 months ago. Updated 25 days ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
01/08/2019
Due date:
% Done:

0%

Feature Branch:
Type of work:
Sysadmin
Blueprint:
Starter:
Affected tool:

Description

So far they are not.


Related issues

Related to Tails - Bug #15710: The Tails signing key is not trusted from within Tails Confirmed 07/04/2018
Related to Tails - Feature #15890: Update our OpenPGP keys in 2019 Resolved 09/01/2018

Associated revisions

Revision 8c8db842 (diff)
Added by intrigeri about 1 month ago

Update tails-mirrors@ and tails-sysadmins@ public keys (refs: #16327)

The updated ones include suitable certifications by tails@'s signing key.

History

#1 Updated by sajolida 10 months ago

  • Related to Bug #15710: The Tails signing key is not trusted from within Tails added

#2 Updated by intrigeri 10 months ago

  • Subject changed from Sign the key of tails-mirrors@boum.org and tails-sysadmins@boum.org by the signing key to Sign the key of tails-mirrors@boum.org and tails-sysadmins@boum.org with the signing key
  • Status changed from New to Confirmed

Would be nice, indeed :)

Regarding implementation: any set of people who can reconstruct our signing key can do that.

#3 Updated by sajolida 10 months ago

#4 Updated by intrigeri 7 months ago

  • Subject changed from Sign the key of tails-mirrors@boum.org and tails-sysadmins@boum.org with the signing key to Sign the key of tails-{fundraising,mirrors,sysadmins}@boum.org with the signing key

#5 Updated by intrigeri about 1 month ago

  • Status changed from Confirmed to In Progress

#6 Updated by intrigeri about 1 month ago

  • Subject changed from Sign the key of tails-{fundraising,mirrors,sysadmins}@boum.org with the signing key to Certify the key of tails-{fundraising,mirrors,sysadmins}@boum.org with the signing key
  • Status changed from In Progress to Needs Validation
  • Assignee set to sajolida
  • Target version set to Tails_4.0

Done while I was on #15890 and it was therefore cheaper:

#9 Updated by intrigeri 27 days ago

  • Target version changed from Tails_4.0 to Tails_4.1

#10 Updated by sajolida 25 days ago

  • Status changed from Needs Validation to In Progress
  • Assignee changed from sajolida to intrigeri

The signatures on tails-mirrors and tails-sysadmins are now on zimmerman.mayfirst.org, but not the signature on tails-fundraising. I can only see a signature by our old signing key, which expired in 2015 (0xBE2CD9C1):

http://zimmerman.mayfirst.org/pks/lookup?search=tails-fundraising%40boum.org&op=vindex

#11 Updated by intrigeri 25 days ago

  • Status changed from In Progress to Needs Validation
  • Assignee changed from intrigeri to sajolida

The signatures on tails-mirrors and tails-sysadmins are now on
zimmerman.mayfirst.org, but not the signature on tails-fundraising.

That keyserver is lagging behind the pool. https://sks-keyservers.net/status/ confirms that it currently does not qualify to be in the pool, for some reason (I suspect a negative "ΔKeys" means "out of sync"). I know you have bad experiences with the pool reachability (me too), but at least it includes only keyservers that are up-to-date.

Here's one keyserver that's up-to-date (and in the pool), that has the signature: https://pgp.ocf.berkeley.edu/pks/lookup?op=vindex&fingerprint=on&search=0xFEB0D5A18EACAF99

#12 Updated by sajolida 25 days ago

  • Status changed from Needs Validation to Resolved
  • Assignee deleted (sajolida)

I didn't think that the same keyserver could be up-to-date on some of these keys only, after 2 weeks already. Strange. But problem solved!

#13 Updated by intrigeri 25 days ago

I didn't think that the same keyserver could be up-to-date on some of these keys only, after 2 weeks already. Strange.

Software systems can be buggy in very surprising ways, indeed :)

Also available in: Atom PDF