[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RSA vs ECDSA (Was: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!)

On Mon, Mar 3, 2014, at 19:13, Gunnar Wolf wrote:
> As keyring maintainers, we no longer consider 1024D keys to be
> trustable. We are not yet mass-removing them, because we don't want to
> hamper the project's work, but we definitively will start being more
> aggressively deprecating their use. 1024D keys should be seen as
> brute-force vulnerable nowadays. Please do migrate away from them into
> stronger keys (4096R recommended) as soon as possible.

I am not sure what's the timeframe for GnuPG 2.1.0[1] release, but would
it be possible to skip the RSA and go directly for ECDSA, before we
start deprecating DSA? Or at least have an option to do so? (Well,
unless GnuPG 2.1 release is too much far in the future.)

1.
http://lists.gnupg.org/pipermail/gnupg-devel/2011-February/025949.html

O.
-- 
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Reply to: