Bug #16327
Certify the key of tails-{fundraising,mirrors,sysadmins}@boum.org with the signing key
0%
Description
So far they are not.
Subtasks
Related issues
Related to Tails - Bug #15710: The Tails signing key is not trusted from within Tails | Confirmed | 2018-07-04 | |
Related to Tails - |
Resolved | 2018-09-01 |
History
#1 Updated by sajolida 2019-01-08 16:12:11
- related to Bug #15710: The Tails signing key is not trusted from within Tails added
#2 Updated by intrigeri 2019-01-10 07:41:50
- Subject changed from Sign the key of tails-mirrors@boum.org and tails-sysadmins@boum.org by the signing key to Sign the key of tails-mirrors@boum.org and tails-sysadmins@boum.org with the signing key
- Status changed from New to Confirmed
Would be nice, indeed :)
Regarding implementation: any set of people who can reconstruct our signing key can do that.
#3 Updated by sajolida 2019-01-10 09:46:35
- related to
Feature #15890: Update our OpenPGP keys in 2019 added
#4 Updated by intrigeri 2019-04-25 13:38:52
- Subject changed from Sign the key of tails-mirrors@boum.org and tails-sysadmins@boum.org with the signing key to Sign the key of tails-{fundraising,mirrors,sysadmins}@boum.org with the signing key
#5 Updated by intrigeri 2019-10-08 13:13:55
- Status changed from Confirmed to In Progress
Applied in changeset commit:tails|8c8db842b316c7f158d382ed5d4a4ce57f12db1f.
#6 Updated by intrigeri 2019-10-08 13:16:51
- Subject changed from Sign the key of tails-{fundraising,mirrors,sysadmins}@boum.org with the signing key to Certify the key of tails-{fundraising,mirrors,sysadmins}@boum.org with the signing key
- Status changed from In Progress to Needs Validation
- Assignee set to sajolida
- Target version set to Tails_4.0
Done while I was on Feature #15890 and it was therefore cheaper:
- sent the 3 pubkeys to hkps://keys.openpgp.org and hkps://hkps.pool.sks-keyservers.net
- updated the 2 of these pubkeys that were in tails.git with commit:8c8db842b316c7f158d382ed5d4a4ce57f12db1f
#7 Updated by sajolida 2019-10-08 15:26:03
I can’t see any signature by 0xDBB802B258ACD84F on:
- https://keys.openpgp.org/search?q=tails-fundraising%40boum.org
- https://keys.openpgp.org/search?q=tails-mirrors%40boum.org
- https://keys.openpgp.org/search?q=tails-sysadmins%40boum.org
- http://zimmerman.mayfirst.org/pks/lookup?search=tails-fundraising%40boum.org&op=vindex
- http://zimmerman.mayfirst.org/pks/lookup?search=tails-mirrors%40boum.org&op=vindex
- http://zimmerman.mayfirst.org/pks/lookup?search=tails-sysadmins%40boum.org&op=vindex
I’ll wait a few more days :)
#8 Updated by intrigeri 2019-10-08 16:51:21
> I can’t see any signature by 0xDBB802B258ACD84F on:
> * https://keys.openpgp.org/search?q=tails-fundraising%40boum.org
> * https://keys.openpgp.org/search?q=tails-mirrors%40boum.org
> * https://keys.openpgp.org/search?q=tails-sysadmins%40boum.org
Silly me, this keyserver ignores non-self certifications anyway.
For the regular keyservers network:
> * http://zimmerman.mayfirst.org/pks/lookup?search=tails-fundraising%40boum.org&op=vindex
> * http://zimmerman.mayfirst.org/pks/lookup?search=tails-mirrors%40boum.org&op=vindex
> * http://zimmerman.mayfirst.org/pks/lookup?search=tails-sysadmins%40boum.org&op=vindex
> I’ll wait a few more days :)
Yeah, this should do the trick.
#9 Updated by intrigeri 2019-10-21 11:46:15
- Target version changed from Tails_4.0 to Tails_4.1
#10 Updated by sajolida 2019-10-22 16:17:52
- Status changed from Needs Validation to In Progress
- Assignee changed from sajolida to intrigeri
The signatures on tails-mirrors and tails-sysadmins are now on zimmerman.mayfirst.org, but not the signature on tails-fundraising. I can only see a signature by our old signing key, which expired in 2015 (0xBE2CD9C1):
http://zimmerman.mayfirst.org/pks/lookup?search=tails-fundraising%40boum.org&op=vindex
#11 Updated by intrigeri 2019-10-22 16:30:12
- Status changed from In Progress to Needs Validation
- Assignee changed from intrigeri to sajolida
> The signatures on tails-mirrors and tails-sysadmins are now on
> zimmerman.mayfirst.org, but not the signature on tails-fundraising.
That keyserver is lagging behind the pool. https://sks-keyservers.net/status/ confirms that it currently does not qualify to be in the pool, for some reason (I suspect a negative “ΔKeys” means “out of sync”). I know you have bad experiences with the pool reachability (me too), but at least it includes only keyservers that are up-to-date.
Here’s one keyserver that’s up-to-date (and in the pool), that has the signature: https://pgp.ocf.berkeley.edu/pks/lookup?op=vindex&fingerprint=on&search=0xFEB0D5A18EACAF99
#12 Updated by sajolida 2019-10-22 17:51:08
- Status changed from Needs Validation to Resolved
- Assignee deleted (
sajolida)
I didn’t think that the same keyserver could be up-to-date on some of these keys only, after 2 weeks already. Strange. But problem solved!
#13 Updated by intrigeri 2019-10-22 17:53:22
> I didn’t think that the same keyserver could be up-to-date on some of these keys only, after 2 weeks already. Strange.
Software systems can be buggy in very surprising ways, indeed :)