bug-gnulib

Re: OpenPGP keys


From: Jeffrey Walton
Subject: Re: OpenPGP keys
Date: Wed, 11 Dec 2024 13:26:59 -0500

On Wed, Dec 11, 2024 at 1:16 PM Bruno Haible via Gnulib discussion
list <bug-gnulib@gnu.org> wrote:
>
> [...]
> > if I got your PGP
> > key a couple of years ago and still have it locally, your newly made
> > signature will verify against it.  I wouldn't fetch your key on every
> > verification attempt.  It is only when keys are rotated that I need to
> > make new trust decisions.  If you continue to use your key for a
> > couple of years, I will gain trust over time by seeing your continued
> > use of that key.
>
> Is this merely a theoretical consideration, or is it an actual practical
> one? That is, is there someone (at Debian, or at some other distro) who
> will check whether the GPG keys which signed the latest libunistring and
> gettext releases are the same?

Key continuity is a very desirable security property. Pinning is built
into SSH (that's the TOFU prompt when connecting to a new machine). It
is also the reason one performs pinning in protocols like HTTPS.

Gratuitous key rotation, like the CAs and Browsers are moving towards,
is a disaster for security. It breaks pinning, which is a very strong
security control.

Peter Gutmann discusses the topics in depth in his book Engineering
Security, <https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf>.
Gutmann provides lots of citations to conference papers and security
usability studies.

Jeff
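The key-continuity check the message describes, written out as a known_hosts-style pin store. This is an added example, not code from the thread, from gnulib or from any distro's tooling. It assumes a simplified fingerprint (SHA-256 over the raw key bytes, not a real OpenPGP v4 fingerprint), constructed sample key material, and a store with three outcomes: trust-on-first-use when a signer is first seen, "ok" when the same key verifies again (trust accumulates), and "mismatch" when the key changed, which is refused rather than silently re-pinned. An explicit `rotate` call models the new trust decision a rotation forces, and the walkthrough shows why gratuitous rotation is costly: the verification history that made the pin trustworthy is reset to one.

```python
"""TOFU / key-continuity check modelled on SSH's known_hosts.

Added example, not from the mailing-list thread. The pin store, the
fingerprint scheme and the sample keys are assumptions for illustration.
"""
import hashlib
import json
from dataclasses import dataclass, asdict


@dataclass
class Pin:
    fingerprint: str    # hex digest of the pinned public key
    first_seen: str     # ISO date of the trust-on-first-use decision
    verifications: int  # releases verified against this key since then


def fingerprint(pubkey: bytes) -> str:
    # Assumption: SHA-256 over the raw key bytes stands in for a real
    # OpenPGP v4 fingerprint, which hashes the public-key packet instead.
    return hashlib.sha256(pubkey).hexdigest()


class PinStore:
    """One pinned signing key per signer identity, like one host key per host."""

    def __init__(self) -> None:
        self.pins: dict[str, Pin] = {}

    def check(self, identity: str, pubkey: bytes, today: str) -> str:
        fp = fingerprint(pubkey)
        pin = self.pins.get(identity)
        if pin is None:                 # first contact: trust on first use
            self.pins[identity] = Pin(fp, today, 1)
            return "tofu"
        if pin.fingerprint == fp:       # continuity: trust accumulates
            pin.verifications += 1
            return "ok"
        return "mismatch"               # key changed: refuse, keep old pin

    def rotate(self, identity: str, new_pubkey: bytes, today: str,
               confirmed: bool) -> str:
        # A rotation is a fresh trust decision; it must be made explicitly
        # (out-of-band announcement, cross-signature, ...), never by the
        # verifier quietly fetching whatever key the server offers now.
        if not confirmed:
            raise PermissionError("key rotation requires an explicit trust decision")
        old = self.pins[identity].fingerprint
        self.pins[identity] = Pin(fingerprint(new_pubkey), today, 1)
        return old

    def dumps(self) -> str:
        return json.dumps({k: asdict(v) for k, v in self.pins.items()}, indent=2)

    @classmethod
    def loads(cls, text: str) -> "PinStore":
        store = cls()
        for k, v in json.loads(text).items():
            store.pins[k] = Pin(**v)
        return store


# Constructed sample keys (assumption): any two distinct byte strings will do.
KEY_A = b"-----BEGIN PGP PUBLIC KEY BLOCK----- (maintainer key, 2022)"
KEY_B = b"-----BEGIN PGP PUBLIC KEY BLOCK----- (maintainer key, 2024)"


def walkthrough() -> list[str]:
    """Releases over several years, then an unannounced key change."""
    store = PinStore()
    events = []
    events.append(store.check("libunistring", KEY_A, "2022-03-01"))  # tofu
    events.append(store.check("libunistring", KEY_A, "2023-03-01"))  # ok
    events.append(store.check("libunistring", KEY_B, "2024-12-01"))  # mismatch
    # The mismatch left the 2022 pin untouched; re-pinning needs a decision.
    try:
        store.rotate("libunistring", KEY_B, "2024-12-01", confirmed=False)
    except PermissionError:
        events.append("rotation refused")
    store.rotate("libunistring", KEY_B, "2024-12-01", confirmed=True)
    store = PinStore.loads(store.dumps())          # pins survive persistence
    events.append(store.check("libunistring", KEY_B, "2025-01-01"))  # ok
    # The cost of rotation: accumulated continuity evidence starts over.
    events.append(str(store.pins["libunistring"].verifications))
    return events


if __name__ == "__main__":
    for e in walkthrough():
        print(e)
```

The `mismatch` branch is the whole point: like SSH's "REMOTE HOST IDENTIFICATION HAS CHANGED", the verifier refuses and leaves the old pin in place instead of fetching the new key and moving on, so a substituted key cannot be laundered through a routine verification.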
