Simon Josefsson simon@josefsson.org writes:
This makes me wonder a bit. How big is the benefit to use the same Sigsum private/public key for multiple continous releases?
Could I just generate a fresh key, sign, and then throw it away after posting the release announcement?
It's important that verifiers (users of the signed releases) and monitors agree on the sigsum public key. And monitors should keep an eye out for new signatures by that key more or less forever.
I imagine that would be easier to arrange with a long-lived key.
Should I do a Sigsum key rollover at the same frequency of PGP key rollover? Are there any recommendations about Sigsum key lifecycle management?
If practical, I think it would make sense to use the same key for PGP signing and for signing the corresponding Sigsum leaf. Both signatures express the same thing, i.e., that a certain blod is an authentic releaese. If you do that, users can skip PGP verification if they instead do sigsum verification.
The only trustworthy way to discover the Sigsum public key used to sign my releases will be via PGP signed announcement e-mail.
Bootstrapping is hard as usual. I guess most users (if they're not able to exhange keys with you in person or via some solid web of trust) will get pubkeys from some authentic-looking https web site, and hence depend on web-pki. (Some key-transparency machinery for release keys could be useful, but not so easy).
Regards, /Niels