Opened 9 months ago

Last modified 5 months ago

#29671 assigned task

evaluate possible options for OpenPGP keyring maintenance

Reported by: anarcat
Owned by: tpa
Priority: Low
Milestone:
Component: Internal Services/Tor Sysadmin Team
Version:
Severity: Normal
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description (last modified by anarcat)

Many tickets here are about maintaining the various keyrings required for daily operations at Tor. A few examples include new keys, expiration updates and so on: #27748, #27726, #27600, #28891, #28150, #28138, #29455... but there are literally hundreds of such tickets.

Those keys currently get stored in LDAP and require a TPA to make changes, that is in git@git-rw.torproject.org:admin/account-keyring.git and ssh://alberti.torproject.org/srv/db.torproject.org/keyrings/keyring.git. The TPA password manager also has its own keyring subset, see #29677.

Then there's also stuff like the torbrowser signing keys which are not stored in LDAP (#28306), creating another source of truth for keys.

All of this makes key maintenance and discovery difficult. Investigate possible alternatives, including Debian packages (like the one used by debian-archive-keyring), a private keyserver, gpgsync, monkeysphere, or a flock of unicorns. ;)

Change History (5)

comment:1 Changed 9 months ago by anarcat

this was also somewhat briefly discussed in montreal/2017: https://trac.torproject.org/projects/tor/wiki/org/meetings/2017Montreal/Notes/BusFactor

comment:2 Changed 7 months ago by anarcat

Description: modified (diff)

Document new keyrings I found.

comment:3 Changed 7 months ago by anarcat

Description: modified (diff)

comment:4 Changed 5 months ago by anarcat

The TBB key is now in account-keyring, and we are considering adding other role keys there. The keys there are published in WKD as well, which makes discovery from the outside easier.

comment:5 Changed 5 months ago by anarcat

Another task we might want to automate or make easier is audit for expired keys and retirement for existing keys, see #31214 for such a punctual audit.
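The expired-key audit mentioned in comment 5, as an added example (not TPA's own tooling): it parses the machine-readable `gpg --with-colons --list-keys` output and flags keys that are revoked, expired, expiring within a configurable window, or set to never expire. The sample listing, key IDs and user IDs are constructed for the example.

```python
"""Audit a GnuPG keyring listing for expired, revoked, soon-expiring and never-expiring keys."""

DAY = 86400

# Constructed sample of `gpg --with-colons --list-keys` output (not real Tor keys). Fields used,
# 0-based: 0 record type, 1 validity, 4 key ID, 6 expiry in epoch seconds (empty = never expires);
# on 'uid' records field 9 is the user ID.
SAMPLE_LISTING = """\
pub:e:4096:1:0000000000000001:1500000000:1600000000::-:::sc::::::23::0:
uid:e::::1500000000::HASH1::Alice Example <alice@example.org>::::::::::0:
pub:-:4096:1:0000000000000002:1500000000:1701000000::-:::sc::::::23::0:
uid:-::::1500000000::HASH2::Bob Example <bob@example.org>::::::::::0:
pub:r:4096:1:0000000000000003:1500000000:1800000000::-:::sc::::::23::0:
uid:r::::1500000000::HASH3::Carol Example <carol@example.org>::::::::::0:
pub:-:4096:1:0000000000000004:1500000000:::-:::sc::::::23::0:
uid:-::::1500000000::HASH4::Dan Example <dan@example.org>::::::::::0:
pub:-:4096:1:0000000000000005:1500000000:1900000000::-:::sc::::::23::0:
uid:-::::1500000000::HASH5::Eve Example <eve@example.org>::::::::::0:
"""


def parse_listing(text):
    """Return one dict per primary key: keyid, validity flags, expiry (int or None), uids."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"keyid": f[4], "validity": f[1],
                         "expiry": int(f[6]) if f[6] else None, "uids": []})
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append(f[9])
    return keys


def classify(key, now, warn_days):
    """Status string for one key, or None when it needs no attention."""
    if "r" in key["validity"]:
        return "revoked"
    if "e" in key["validity"] or (key["expiry"] is not None and key["expiry"] <= now):
        return "expired"
    if key["expiry"] is None:
        return "no-expiry"  # never rotates on its own; flag for manual review
    if key["expiry"] <= now + warn_days * DAY:
        return "expiring"
    return None


def audit(keys, now, warn_days=30):
    """Map key ID -> status for every key that needs attention; healthy keys are omitted."""
    return {k["keyid"]: s for k in keys if (s := classify(k, now, warn_days))}
```

To run it against a real keyring file (for example one exported from the account-keyring repository), feed it the output of `gpg --no-default-keyring --keyring <file> --with-colons --list-keys` and the current epoch time.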
