Hi John--

On 07/19/2010 11:14 PM, John Goerzen wrote:
> I would like to participate in the keysigning, but I am confused about
> this "cross sign your keys" bit. What is this second key I should be
> using and why?

We're hoping to have a solid post-SHA1 web-of-trust before a functional attack on that digest algorithm surfaces. The algorithm is already known to be significantly weaker than its mathematical ideal, and collision attacks are arguably within reach of well-funded organizations.

In addition to the digest algorithms, we're hoping to see primary key lengths of reasonable size. Your current key (afaict) is a 1024-bit DSA key, which by definition relies on SHA-1. RSA keys of 2048 bits or longer are recommended, with self-certifications using SHA-256 or stronger.

More detailed recommendations can be found here:

https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#openpgp-key-checks

If you do decide to make a new primary key, you can sign it with your old key.

hth,

--dkg
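The checks dkg describes (primary key algorithm and size, and the digest used on the self-certifications) can be read straight out of the binary OpenPGP packets. The script below is an added example, not code from this thread or from the linked best-practices page: it parses RFC 4880 public-key and signature packets, identifies self-certifications by matching the Issuer subpacket against the primary key's key ID, and reports anything short of an RSA key of at least 2048 bits with SHA-256-or-stronger self-sigs. The two sample keys at the bottom are constructed for the example; their MPIs are filler of the stated bit length, not real key material, and the user ID and creation time are arbitrary.

```python
"""Check an OpenPGP transferable public key (RFC 4880 binary packets) against
the recommendations in the thread: RSA primary key of >= 2048 bits and
self-certifications hashed with SHA-256 or stronger."""
import hashlib
import struct

PUBKEY_ALGS = {1: "RSA", 3: "RSA (sign-only)", 16: "Elgamal", 17: "DSA",
               18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
HASH_ALGS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
             9: "SHA384", 10: "SHA512", 11: "SHA224"}
STRONG_HASHES = {8, 9, 10, 11}                   # SHA-2 family
CERT_SIG_TYPES = {0x10, 0x11, 0x12, 0x13, 0x1F}  # UID certifications, direct-key sigs


def read_length(buf, pos):
    """New-format packet/subpacket length (RFC 4880 4.2.2, 5.2.3.1)."""
    b0 = buf[pos]
    if b0 < 192:
        return b0, pos + 1
    if b0 < 224:
        return ((b0 - 192) << 8) + buf[pos + 1] + 192, pos + 2
    if b0 == 255:
        return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5
    raise ValueError("partial body lengths are not supported")


def read_packets(data):
    """Yield (tag, body) for each packet; handles old- and new-format headers."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if ctb & 0x40:                                # new-format header
            tag = ctb & 0x3F
            length, pos = read_length(data, pos + 1)
        else:                                         # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not supported")
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[pos + 1:pos + 1 + size], "big")
            pos += 1 + size
        yield tag, data[pos:pos + length]
        pos += length


def key_id(pubkey_body):
    """Key ID: low 64 bits of the v4 fingerprint, SHA-1 over 0x99 || len || body."""
    fpr = hashlib.sha1(b"\x99" + struct.pack(">H", len(pubkey_body)) + pubkey_body)
    return fpr.digest()[-8:]


def parse_public_key(body):
    """Return (algorithm id, bit length of first MPI: RSA n or DSA/Elgamal p)."""
    if body[0] != 4:
        raise ValueError("only v4 keys are handled")
    alg = body[5]
    bits = struct.unpack(">H", body[6:8])[0] if alg in (1, 2, 3, 16, 17) else None
    return alg, bits


def parse_signature(body):
    """Return (sig type, hash algorithm id, issuer key ID or None) of a v4 sig."""
    if body[0] != 4:
        raise ValueError("only v4 signatures are handled")
    sig_type, hash_alg, issuer, pos = body[1], body[3], None, 4
    for _ in range(2):                    # hashed area, then unhashed area
        area_len = struct.unpack(">H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + area_len
        while pos < end:
            sp_len, pos = read_length(body, pos)
            if body[pos] & 0x7F == 16:    # Issuer subpacket (critical bit masked)
                issuer = body[pos + 1:pos + sp_len]
            pos += sp_len
    return sig_type, hash_alg, issuer


def check_key(data):
    """Return (summary, problems); an empty problems list means the key passes."""
    alg = bits = primary_id = None
    selfsig_hashes = []
    for tag, body in read_packets(data):
        if tag == 6:                                          # primary public key
            alg, bits = parse_public_key(body)
            primary_id = key_id(body)
        elif tag == 2:
            sig_type, hash_alg, issuer = parse_signature(body)
            if sig_type in CERT_SIG_TYPES and issuer == primary_id:
                selfsig_hashes.append(hash_alg)               # a self-certification
    problems = []
    if alg not in (1, 3):
        problems.append(f"primary key is {PUBKEY_ALGS.get(alg, alg)}, not RSA")
    if bits is not None and bits < 2048:
        problems.append(f"primary key is only {bits} bits")
    problems += [f"self-certification uses {HASH_ALGS.get(h, h)}"
                 for h in selfsig_hashes if h not in STRONG_HASHES]
    return {"algorithm": PUBKEY_ALGS.get(alg, alg), "bits": bits,
            "selfsig_hashes": [HASH_ALGS.get(h, h) for h in selfsig_hashes]}, problems


# --- constructed sample keys: filler MPIs, arbitrary UID and timestamp ----------
def _packet(tag, body):
    hdr = bytes([len(body)]) if len(body) < 192 else bytes([255]) + struct.pack(">I", len(body))
    return bytes([0xC0 | tag]) + hdr + body


def _mpi(bits):                           # filler integer of exactly `bits` bits
    return struct.pack(">H", bits) + ((1 << (bits - 1)) | 1).to_bytes((bits + 7) // 8, "big")


def _sample_key(alg, mpi_bits, hash_alg):
    pk = b"\x04" + struct.pack(">I", 1279497600) + bytes([alg]) + b"".join(map(_mpi, mpi_bits))
    issuer_sp = bytes([9, 16]) + key_id(pk)                  # len 9, type 16 (Issuer)
    sig = (b"\x04\x13" + bytes([alg, hash_alg]) + struct.pack(">H", len(issuer_sp)) + issuer_sp
           + b"\x00\x00" + b"\xab\xcd" + _mpi(160) + _mpi(160))
    return _packet(6, pk) + _packet(13, b"Test User <test@example.invalid>") + _packet(2, sig)


OLD_STYLE_KEY = _sample_key(17, (1024, 160, 1024, 1024), 2)  # 1024-bit DSA, SHA1 self-sig
NEW_STYLE_KEY = _sample_key(1, (2048, 17), 8)                # 2048-bit RSA, SHA256 self-sig

if __name__ == "__main__":
    for name, blob in (("old", OLD_STYLE_KEY), ("new", NEW_STYLE_KEY)):
        print(name, *check_key(blob))
```

Feed `check_key` the raw bytes of an exported (not ASCII-armored) public key to apply the same checks to a real key; the constructed 1024-bit DSA sample reproduces the situation described in the message, while the RSA sample passes all three checks.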