Re: [Debconf-discuss] DebConf17: Last call for keys for keysigning in Montreal, Canada
On Fri, 21 Jul 2017, Clint Adams wrote:
> On Fri, Jul 21, 2017 at 10:11:50AM -0300, Dererk wrote:
> > Is any ECC crypto set allowed by FTP-Master/Debian Keyring Manaintainers
> > by these days? I understand it has not been accepted as part of the
> > gnupg/opengpg standards.
>
> ECC for OpenPGP is in RFC 6637. EdDSA is in draft, though, as I read
> it, GnuPG's Curve25519 implementation is in violation of RFC 4880bis.
Hmm, not only that, but gnupg's non-NIST ECC key sizes are a bit on the
smaller size right now (about as safe as RSA-2k or RSA-3k, I believe?).
Since this is gnupg 2+ territory only anyway, might as well have a large
RSA *master* key (8192+ bits -- this security margin against
implementation issues such as CVE-2017-7526, which leaks a truckload of
private key bits, enough to completely expose RSA-1024 private keys),
and EdDSA subkeys that get rotated yearly...
There is at least one major annoyance when dealing with low-longevity
keys, though: signatures in VCS repositories, etc. For git, you can
simply resign the tags and document that this will happen appropriately
*well in advance*, but signed commits will pester people about expired
keys forever (no ways around this one, it is a desired design decision,
it would have to be dealt with in the UI).
--
Henrique Holschuh
Reply to: