[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RSA vs ECDSA (Was: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!)

On Tue, Mar 04, 2014 at 08:10:47PM +0100, Ondrej Surý wrote:
> On Mon, Mar 3, 2014, at 19:13, Gunnar Wolf wrote:
> > As keyring maintainers, we no longer consider 1024D keys to be
> > trustable. We are not yet mass-removing them, because we don't want to
> > hamper the project's work, but we definitively will start being more
> > aggressively deprecating their use. 1024D keys should be seen as
> > brute-force vulnerable nowadays. Please do migrate away from them into
> > stronger keys (4096R recommended) as soon as possible.
> 
> I am not sure what's the timeframe for GnuPG 2.1.0[1] release, but would
> it be possible to skip the RSA and go directly for ECDSA, before we
> start deprecating DSA? Or at least have an option to do so? (Well,
> unless GnuPG 2.1 release is too much far in the future.)

Do you have any idea which curves and/or signature algorithms are
supported?  I think I would like to see EdDSA in that case.

I would also like to see that they get started on PGP v5.


Kurt
Reply to: