Newsgroups: php.internals (php.internals:113919)
Subject: Re: [PHP-DEV] Changes to Git commit workflow
From: Bishop Bettini <bishop@php.net>
To: Sara Golemon
Cc: Rowan Tommins, PHP internals <internals@lists.php.net>
Date: Thu, 1 Apr 2021 13:04:49 -0400

On Thu, Apr 1, 2021 at 12:24 PM Sara Golemon wrote:
> On Thu, Apr 1, 2021 at 11:19 AM Rowan Tommins wrote:
>
> > On 01/04/2021 15:59, Sara Golemon wrote:
> > > On Thu, Apr 1, 2021 at 9:21 AM Bishop Bettini wrote:
> > >
> > > > I also added a FAQ.
> > >
> > > I disagree with the position this document takes on immortal keys. We
> > > should encourage best-practices with the knowledge that some people
> > > will weaken their security with an immortal key, not start from a weak
> > > position and suggest that adhering to best practices is "paranoid".
> >
> > I've been looking around, and most of what I can find says that expiring
> > a primary key which you use directly for signing has very little value,
> > because anyone who has the private key and passphrase can change the
> > expiry date at any time. See for example:
> > https://security.stackexchange.com/q/14718/51961
> >
> > The main use case seems to be when using sub-keys, where the primary key
> > (with no expiry) is kept offline, and new sub-keys are generated from it
> > regularly (e.g. once a year) with an appropriate expiry date.
> >
> > This is based only on a few hours of searching online, however, so I'd
> > be happy to see a better explanation of how to use expiry effectively.
>
> Yeah, I just got told the same offline. That's.... depressing. Not
> surprising when one thinks about it more, but still depressing.
>

Appreciate the feedback, Sara and Rowan! I think there was still opportunity
to improve that section, so I adjusted the language to be less accusatory and
highlight the essential limitations.
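The key layout Rowan describes above (a primary key with no expiry that is kept offline and only certifies, plus short-lived signing subkeys generated from it) as an added example; this is not part of the thread or of the php-src workflow document. It assumes GnuPG 2.1 or newer on PATH, uses the "quick" key commands, and works in a throwaway keyring with a constructed identity and an empty passphrase (demo only), so it never touches a real ~/.gnupg.

```shell
#!/bin/sh
# Added example: offline certify-only primary key (no expiry) plus a one-year
# signing subkey, built with GnuPG 2.1+ quick commands. The identity, paths and
# empty passphrase below are constructed for the demo, not a real key setup.
set -eu

# Throwaway keyring so the caller's real keyring is never modified.
GNUPGHOME="$(mktemp -d)"
export GNUPGHOME
chmod 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT

DEMO_UID="Example Signer (constructed demo identity) <signer@example.invalid>"

# gpg in batch mode with an empty loopback passphrase (demo only; use a real one).
gpgq() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"
}

# Fingerprint of the demo primary key: field 10 of the first fpr record.
primary_fpr() {
    gpg --batch --with-colons --with-fingerprint --list-keys "$DEMO_UID" \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Certify-only primary key that never expires. It signs nothing day to day; its
# only job is to certify subkeys, which is why it can be kept offline.
make_primary() {
    gpgq --quick-generate-key "$DEMO_UID" ed25519 cert never >/dev/null
    primary_fpr
}

# Signing subkey with a one-year lifetime: the key the online machine uses.
# Run again before expiry to rotate in a fresh subkey.
add_signing_subkey() {
    gpgq --quick-add-key "$1" ed25519 sign 1y >/dev/null
}

# Expiry of the primary key as seconds since the epoch (field 7 of the pub
# record); empty means never.
primary_expiry() {
    gpg --batch --with-colons --list-keys "$1" \
        | awk -F: '$1 == "pub" { print $7; exit }'
}

# Expiry of the newest signing subkey: sub records whose capability field 12
# contains "s"; the last match is the most recently added.
signing_subkey_expiry() {
    gpg --batch --with-colons --list-keys "$1" \
        | awk -F: '$1 == "sub" && index($12, "s") { e = $7 } END { print e }'
}

# Export only the secret subkeys for the online machine; the primary secret
# key stays in the offline keyring. Prints the size of the bundle in bytes.
export_online_subkeys() {
    gpgq --export-secret-subkeys "$1" > "$2"
    wc -c < "$2" | tr -d ' '
}

# Sanity check of the layout: primary never expires, signing subkey does.
layout_ok() {
    [ -z "$(primary_expiry "$1")" ] && [ -n "$(signing_subkey_expiry "$1")" ]
}

if command -v gpg >/dev/null 2>&1; then
    FPR="$(make_primary)"
    add_signing_subkey "$FPR"
    echo "primary $FPR expiry: '$(primary_expiry "$FPR")' (empty = never)"
    echo "signing subkey expiry (epoch seconds): $(signing_subkey_expiry "$FPR")"
    echo "online bundle: $(export_online_subkeys "$FPR" "$GNUPGHOME/online-subkeys.gpg") bytes"
    gpg --batch --list-keys "$FPR"
else
    echo "gpg not found on PATH; nothing generated" >&2
fi
```

Only the exported subkey bundle goes to the machine that signs commits; the keyring holding the primary secret key is what gets moved to offline storage. That split is the whole point of the layout: a holder of the primary key can still extend or revoke any subkey at will, which is exactly why an expiry on a primary key used directly for signing buys so little.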