On Tue, Jun 14, 2016 at 11:29:08AM +0800, gustavo panizzo (gfa) wrote:
> On Mon, Jun 13, 2016 at 12:24:42PM -0500, Gunnar Wolf wrote:
> > Aníbal Monsalve Salazar dijo [Mon, Jun 13, 2016 at 09:36:50PM +1000]:
> > > >(...)
> > > > Curently, I have 62 keys listed at [1]:
> > > >
> > > > 1 ed25519
> > > > 1 rsa3072
> > > > 60 rsa4096
> > > >
> > > > If you have an ed25519 key and would like to include it in the DC16
> > > > keyring, send me a signed message with its fingerprint.
> > >
> > > I'll will need the corresponding public key as you may not be able
> > > to uplod an ed25519 key to a keyserver.
> > >
> > > > If you don't have an ed25519 key and would like to create your own
> > > > ECC key (not the ones recommended by NIST, which may have NSA
> > > > backdoors [2]), please read the information by NIIBE Yutaka at [3].
> >
> > Please also do note that the Debian infrastructure is not able to
> > handle ECC keys yet, and won't be for a couple of years; of course, if
> > you want to start building trust around your ED25519 key, we can start
> > signing it, but it will not be usable as your key for Debian work in a
> > long time.
>
> Would make sense to have ed25519 subkey(s) under an RSA master key?
It's pretty much the only sensible option at present, unless you have a
particularly niche use case. There are already some keys in the Debian
keyring of this format.
The important factor to remember is that gnupg 1.x and gnupg 2.0 will
not be able to use the ECC subkeys, so there is no way within jessie to
make use of them.
There's also no need to rush to add an ECC subkey before the keysigning;
new subkeys can be added at any time and do not affect the signatures
received at a keysigning (which are over UIDs).
J.
--
"Scattered f***ing showers my | .''`. Debian GNU/Linux Developer
ass." -- Noah | : :' : Happy to accept PGP signed
| `. `' or encrypted mail - RSA
| `- key on the keyservers.
Attachment:
signature.asc
Description: Digital signature