New control message signing key for Big Eight hierarchies

17 views
Skip to first unread message

Russ Allbery

unread,
Jun 27, 2021, 6:39:30 PM6/27/21
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

The control message signing key for the Big Eight hierarchies has changed.
The new key is 8E181BEF0BE638962C1A5C98FAFE7B550C18C8B7, available from
<https://www.eyrie.org/~eagle/big-8/> and signed with my personal key.
The control message sender and key ID are unchanged.

If you are a news server administrator who accepts signed control messages
for the Big Eight hierarchy, please replace the key in your local keyring
with that new key. The corresponding control.ctl entry is:

## COMP, HUMANITIES, MISC, NEWS, REC, SCI, SOC, TALK (The Big Eight)
# Contact: bo...@big-8.org
# URL: https://www.big-8.org/
# Admin group: news.announce.newgroups
# Key fingerprint: 8E18 1BEF 0BE6 3896 2C1A 5C98 FAFE 7B55 0C18 C8B7
# *PGP* See comment at top of file.
newgroup:*:comp.*|humanities.*|misc.*|news.*|rec.*|sci.*|soc.*|talk.*:drop
rmgroup:*:comp.*|humanities.*|misc.*|news.*|rec.*|sci.*|soc.*|talk.*:drop
checkgroups:group...@isc.org:comp.*|humanities.*|misc.*|news.*|rec.*|sci.*|soc.*|talk.*:verify-news.announce.newgroups
newgroup:group...@isc.org:comp.*|humanities.*|misc.*|news.*|rec.*|sci.*|soc.*|talk.*:verify-news.announce.newgroups
rmgroup:group...@isc.org:comp.*|humanities.*|misc.*|news.*|rec.*|sci.*|soc.*|talk.*:verify-news.announce.newgroups

The control messages for the Big Eight hierarchies (comp.*, humanities.*,
misc.*, news.*, rec.*, sci.*, soc.*, and talk.*) was one of the first
control message signing keys generated and is entirely obsolete and
concerningly weak by modern OpenPGP standards. The new key uses
(relatively) current OpenPGP best practices.

Duplicate control messages will continue to be issued using the old key
for the indefinite future. However, be aware that the old key should not
be considered secure and could probably be brute-forced if someone cared
enough.

- --
Russ Allbery (ea...@eyrie.org) <https://www.eyrie.org/~eagle/>
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE1zk0tJZ0z1zNmsJ4fYAxXFc23nUFAmDY/WgACgkQfYAxXFc2
3nV18Af/UnPGYN3B4S0xsQKKCpwN9b45JIaXmPZZ5cj1CCWFQrTGVqRk1NYjlU68
81hFSUP4KKgt8Gura4YV4pBfq+S6eqZhJqk+fgtLN1STt2AO07LulUBuEp9/McEY
lgBlTiNbuAmKrTHu5GYdz0gS/rI56i+1M2tzGC7zS0E4oOnvTOWkiUdCRljaxPCC
MsawPJsnrZO5zFQWklFWZJGPiDOpwjEnSkuz60q42/3gbEsxl80LYbORGULfrgdg
1rhEpiF9NP0fzWxkR4teB3RY7lh5uh7nNE5Qr3tLD9dRnZbn6cFFH83P2NO0lg50
DOrF0CaloOQ7ffDHsPIWgs5Qw+kmag==
=d6pL
-----END PGP SIGNATURE-----

Charles Lindsey

unread,
Jun 29, 2021, 10:54:01 AM6/29/21
to
On 27/06/2021 23:39, Russ Allbery wrote:
> The control message signing key for the Big Eight hierarchies has changed.
> The new key is 8E181BEF0BE638962C1A5C98FAFE7B550C18C8B7, available from
> <https://www.eyrie.org/~eagle/big-8/> and signed with my personal key.
> The control message sender and key ID are unchanged.

Why is it not also signed by he Old Key (weak as that may be).

Note that it is handy to keep a copy of the older gpg1 around for documents
signed by ancient PGP keys (as control messages for uk.* still are), and gpg1
would still accept the signing of the New Key by the Old Key.

--
Charles H. Lindsey ---------At my New Home, still doing my own thing------
Tel: +44 161 488 1845 Web: https://www.clerew.man.ac.uk
Email: c...@clerew.man.ac.uk Snail-mail: Apt 40, SK8 5BF, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5

Reply all
Reply to author
Forward
0 new messages