
Re: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!



I've actually been in the process of working to transition from my existing 1024D key I created back in 2002 to my new 4096R key I created in 2011, for which I use 3072R subkeys on an OpenPGP v2 smartcard. Unfortunately I haven't been able to get together with any other DDs to perform a key signing to get my new key sufficient enough to make the final transition. I notified everyone who had previously signed my current 1024D key but haven't been able to travel to make any major events and it's so far only signed by those that have attended local LUG keysignings in the past 2 years or individuals that have arranged to get together privately to do a key signing.

If any DDs are in, or will be, the Atlanta area and would like to get together for a key signing I would be more than welcome to get together and make the transition as I currently don't even bother to keep my 1024D key with me for use anymore and only carry my smartcard with the 3072R subkeys while my 4096R primary key is still left secured in my fire safe at home on the encrypted USB drive it resides on.

Current 1024D policy URL: http://undergrid.net/legal/gpg/policy/20091121
Transition statement: http://undergrid.net/legal/gpg/policy/20111223
New 4096D policy URL: http://undergrid.net/legal/gpg/policy/20111224

On 03.03.2014 14:37, Reuben Thomas wrote:
On 3 March 2014 18:13, Gunnar Wolf <gwolf@gwolf.org [1]> wrote:

As keyring maintainers, we no longer consider 1024D keys to be
trustable. We are not yet mass-removing them, because we don't want to
hamper the project's work, but we definitively will start being more
aggressively deprecating their use. 1024D keys should be seen as
brute-force vulnerable nowadays. Please do migrate away from them into
stronger keys (4096R recommended) as soon as possible.

Please could you change https://wiki.debian.org/DebianMaintainer [2],
which currently says a ">= 2048 bit" key is required (I assume this is
still correct) but does not specifically recommend 4096? I recently
became a DM, and created a 2048 bit key to do so, as that satisfied
the advice given on that page, and also happened to be the default
length offered by GPG on my system. Only after I'd had it signed and
uploaded it did I find advice that new keys should be 4096 bits.

(I've already reported this issue in a couple of different places; the
page is not user-editable or I'd've fixed it myself!)


Links:
------
[1] mailto:gwolf@gwolf.org
[2] https://wiki.debian.org/DebianMaintainer

