Moin!

Gunnar Wolf <gwolf@gwolf.org> writes:
> Ondřej Surý wrote [Tue, Mar 04, 2014 at 08:10:47PM +0100]:
>> On Mon, Mar 3, 2014, at 19:13, Gunnar Wolf wrote:
>> > As keyring maintainers, we no longer consider 1024D keys to be
>> > trustable. We are not yet mass-removing them, because we don't want to
>> > hamper the project's work, but we definitively will start being more
>> > aggressively deprecating their use. 1024D keys should be seen as
>> > brute-force vulnerable nowadays. Please do migrate away from them into
>> > stronger keys (4096R recommended) as soon as possible.
>>
>> I am not sure what's the timeframe for GnuPG 2.1.0[1] release, but would
>> it be possible to skip the RSA and go directly for ECDSA, before we
>> start deprecating DSA? Or at least have an option to do so? (Well,
>> unless GnuPG 2.1 release is too much far in the future.)

Note that this also requires a backported gnupg 2.1 on every Debian service processing signatures (and everyone else who should interpret these) -- I'd assume this is only really feasible post jessie (assuming jessie gets a new enough gnupg).

Christoph