Re: Bits from keyring-maint
On Tue, 14 Sep 2010, brian m. carlson wrote:
> Personally, I can't see a reason that using an RSA 4096 bit key should
> be that painful even on very slow machines. You're performing a *single
> RSA encrypt operation* per signature.
Well, the main key is mostly a key-signing key/KSK (although you CAN use it
to directly sign/encript data files), and you use subkeys (which can be
smaller both in size and validity period) to do the grunt work if you don't
want to deal with large signatures or more intensive CPU usage all the time.
So, you could have a main 4096R key valid for 10 years, and attach to it a
2048R subkey valid for one or two years to make things faster, and generate
a new subkey when its about to expire. Subkeys are NOT tied to UIDs (and,
therefore, the web of trust), those are matters for the main key (KSK).
subkeys are only signed by the main key (KSK).
There is a thread about this now in the cryptography ML. If anything really
insteresting shows up there, I will relay it here. I am certainly
interested on our bias towards RSA and away from DSA2 and El-Gammal, for
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot