Opened 15 months ago

Last modified 11 months ago

#29671 assigned task

evaluate possible options for OpenPGP keyring maintenance

Reported by: anarcat
Owned by: tpa
Priority: Low
Component: Internal Services/Tor Sysadmin Team
Severity: Normal

Description (last modified by anarcat)

Many tickets here are about maintaining the various keyrings required for daily operations at Tor. A few examples include new keys, expiration updates and so on: #27748, #27726, #27600, #28891, #28150, #28138, #29455... but there are literally hundreds of such tickets.

Those keys currently get stored in LDAP and require a TPA to make changes, that is in and ssh:// The TPA password manager also has its own keyring subset, see #29677.

Then there's also stuff like the torbrowser signing keys which are not stored in LDAP (#28306), creating another source of truth for keys.

All of this makes key maintenance and discovery difficult. Investigate possible alternatives, including Debian packages (like the one used by debian-archive-keyring), a private keyserver, gpgsync, monkeysphere, or a flock of unicorns. ;)


Change History (5)

comment:1 Changed 15 months ago by anarcat

this was also somewhat briefly discussed in montreal/2017:

comment:2 Changed 13 months ago by anarcat

Description: modified (diff)

document new keyrings I found.

comment:3 Changed 13 months ago by anarcat

Description: modified (diff)

comment:4 Changed 11 months ago by anarcat

the TBB key is now in account-keyring, and we are considering adding other role keys there. the keys there are published in WKD as well, which makes discovery from the outside easier.
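For readers unfamiliar with how the WKD lookup in comment:4 works from the client side, the following is an added example (not code from this ticket, from TPA, or from GnuPG) that computes the two well-known URLs a WKD client fetches for an address: the local part is lowercased, hashed with SHA-1, and z-base32 encoded, as described in draft-koch-openpgp-webkey-service. The domain tor-project.example in the usage call is a placeholder; the Joe.Doe@Example.ORG test vector is the one given in the draft.

```python
"""Compute OpenPGP Web Key Directory (WKD) lookup URLs for an e-mail address.

Added example for this ticket, not project code.  A WKD client derives the
lookup name from the local part of the address and tries the "advanced"
URL first (separate openpgpkey.<domain> host), then the "direct" URL.
"""
import hashlib
import urllib.parse

# z-base32 alphabet as used by WKD (no padding characters)
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base32.  A 20-byte SHA-1 digest is exactly 160 bits,
    so it encodes to exactly 32 characters with no partial group."""
    bits = int.from_bytes(data, "big")
    nbits = len(data) * 8
    out = []
    # take 5 bits at a time from the most significant end; a trailing partial
    # group (only when nbits % 5 != 0) is padded with zero bits on the right
    for shift in range(nbits - 5, -5, -5):
        if shift >= 0:
            out.append(ZBASE32_ALPHABET[(bits >> shift) & 31])
        else:
            out.append(ZBASE32_ALPHABET[(bits << -shift) & 31])
    return "".join(out)


def wkd_hash(email: str) -> str:
    """The WKD lookup name: z-base32(SHA-1(lowercase(local part)))."""
    local_part, _, _domain = email.partition("@")
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)


def wkd_urls(email: str) -> dict:
    """Both URL variants a client tries, keyed 'advanced' and 'direct'.

    The ?l= query parameter carries the original, un-lowercased local part so
    that a server with case-sensitive mailboxes can still pick the right key.
    """
    local_part, _, domain = email.partition("@")
    domain = domain.lower()
    lookup = wkd_hash(email)
    query = "?l=" + urllib.parse.quote(local_part, safe="")
    return {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
                    f"{domain}/hu/{lookup}{query}",
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{lookup}{query}",
    }


if __name__ == "__main__":
    # placeholder address; a real client would now GET these URLs and expect a
    # binary (not ASCII-armored) OpenPGP key block in the response
    for variant, url in wkd_urls("role-key@tor-project.example").items():
        print(f"{variant:8s} {url}")
```

GnuPG does the same lookup itself with `gpg --auto-key-locate wkd --locate-keys <address>`; the point of computing it by hand is to be able to check, from outside, that the file a keyring publishes actually sits at the path the client will ask for.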

comment:5 Changed 11 months ago by anarcat

another task we might want to automate or make easier is audit for expired keys and retirement for existing keys, see #31214 for such a punctual audit.
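As an added illustration of the expiry audit comment:5 asks for (this is example code, not a TPA tool and not something attached to this ticket), the script below parses the machine-readable `gpg --with-colons --fixed-list-mode --list-keys` output of a keyring and classifies each primary key as revoked, expired, expiring within a warning window, or ok. The colon-format sample it runs on is constructed for the example; the key IDs, fingerprints and user IDs in it are fictitious, and the audit clock is pinned to a fixed timestamp so that the run is reproducible.

```python
"""Audit a keyring listing for revoked, expired and soon-to-expire keys.

Added example, not project code.  Input is the output of

    gpg --no-default-keyring --keyring ./some-keyring.gpg \
        --with-colons --fixed-list-mode --list-keys

whose record layout is documented in GnuPG's doc/DETAILS.  Only primary keys
are classified here; subkeys are skipped.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Constructed sample listing: four fictitious keys.  Field 2 of a pub record
# is GnuPG's own validity flag ('e' expired, 'r' revoked), field 6 creation
# time, field 7 expiry time (empty when the key never expires).  The fpr
# record directly after a pub record carries the primary fingerprint; the one
# after a sub record belongs to the subkey and is ignored.
SAMPLE_COLONS = """\
tru::1:1559000000:0:3:1:5
pub:-:4096:1:AAAAAAAAAAAAAAAA:1500000000:1560000000::-:::scESC::::::23::0:
fpr:::::::::000000000000000000000000AAAAAAAAAAAAAAAA:
uid:-::::1500000000::0123456789ABCDEF0123456789ABCDEF01234567::Role Key One <one@tor-project.example>::::::::::0:
sub:-:4096:1:BBBBBBBBBBBBBBBB:1500000000:1560000000:::::e::::::23:
fpr:::::::::000000000000000000000000BBBBBBBBBBBBBBBB:
pub:e:4096:1:CCCCCCCCCCCCCCCC:1400000000:1550000000::-:::scESC::::::23::0:
fpr:::::::::000000000000000000000000CCCCCCCCCCCCCCCC:
uid:e::::1400000000::FEDCBA9876543210FEDCBA9876543210FEDCBA98::Role Key Two <two@tor-project.example>::::::::::0:
pub:r:4096:1:DDDDDDDDDDDDDDDD:1450000000:1700000000::-:::scESC::::::23::0:
fpr:::::::::000000000000000000000000DDDDDDDDDDDDDDDD:
uid:r::::1450000000::0011223344556677889900AABBCCDDEEFF001122::Retired Admin <retired@tor-project.example>::::::::::0:
pub:-:4096:1:EEEEEEEEEEEEEEEE:1500000000:::-:::scESC::::::23::0:
fpr:::::::::000000000000000000000000EEEEEEEEEEEEEEEE:
uid:-::::1500000000::AABBCCDDEEFF00112233445566778899AABBCCDD::Never Expires <forever@tor-project.example>::::::::::0:
"""

# pinned audit clock (2019-05-27 UTC) so the sample classifies the same way every run
NOW = datetime.fromtimestamp(1559000000, tz=timezone.utc)


@dataclass
class Key:
    keyid: str
    validity: str
    created: int
    expires: Optional[int]          # epoch seconds, None = never expires
    fingerprint: str = ""
    uids: List[str] = field(default_factory=list)


def parse_colons(text: str) -> List[Key]:
    """Group pub/fpr/uid records into Key objects, skipping subkey records."""
    keys: List[Key] = []
    in_primary = False  # True while the next fpr record belongs to the primary key
    for line in text.splitlines():
        f = line.split(":")
        rec = f[0]
        if rec == "pub":
            keys.append(Key(keyid=f[4], validity=f[1], created=int(f[5]),
                            expires=int(f[6]) if f[6] else None))
            in_primary = True
        elif rec == "sub":
            in_primary = False
        elif rec == "fpr" and keys and in_primary:
            keys[-1].fingerprint = f[9]
        elif rec == "uid" and keys:
            # real GnuPG output escapes ':' inside a user ID as \x3a, which
            # is left as-is here since the sample contains none
            keys[-1].uids.append(f[9])
    return keys


def audit(keys: List[Key], now: datetime, warn_days: int = 30):
    """Return (fingerprint, status, detail) per key.

    Expiry is computed against our own clock rather than trusting GnuPG's 'e'
    flag alone, so keys that will expire within warn_days are reported too.
    """
    findings = []
    horizon = now + timedelta(days=warn_days)
    for k in keys:
        exp = datetime.fromtimestamp(k.expires, tz=timezone.utc) if k.expires else None
        if k.validity == "r":
            status, detail = "revoked", "revocation certificate present"
        elif exp is not None and exp <= now:
            status, detail = "expired", f"expired {exp:%Y-%m-%d}"
        elif exp is not None and exp <= horizon:
            status, detail = "expiring", f"expires {exp:%Y-%m-%d} ({(exp - now).days} days)"
        else:
            status, detail = "ok", "no expiry" if exp is None else f"expires {exp:%Y-%m-%d}"
        findings.append((k.fingerprint, status, detail))
    return findings


def needs_action(findings):
    """Everything a keyring maintainer has to follow up on."""
    return [f for f in findings if f[1] != "ok"]


if __name__ == "__main__":
    keys = parse_colons(SAMPLE_COLONS)
    for fpr, status, detail in audit(keys, NOW):
        uid = next(k.uids[0] for k in keys if k.fingerprint == fpr)
        print(f"{status:8s} {fpr} {uid}: {detail}")
```

Running it as a cron job over the exported keyring (feeding real `gpg --with-colons` output to `parse_colons` instead of the sample) and mailing the `needs_action` list is the kind of one-off audit in #31214 made routine; the revoked entries are the candidates for retirement from the keyring.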
