RSA vs ECDSA (Was: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!)

To: Ondřej Surý <ondrej@sury.org>
Cc: debian-devel@lists.debian.org
Subject: RSA vs ECDSA (Was: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!)
From: peter green <plugwash@p10link.net>
Date: Wed, 05 Mar 2014 05:54:51 +0000
Message-id: <[🔎] 5316BC2B.7040606@p10link.net>


I am not sure what's the timeframe for GnuPG 2.1.0[1] release, but would
it be possible to skip the RSA and go directly for ECDSA, before we
start deprecating DSA? Or at least have an option to do so? (Well,
unless GnuPG 2.1 release is too much far in the future.)

IMO we need to phase out 1024 bit RSA/DSA keys as soon as reasonabllypractical. Even if gnupg 2.1 was released tomorrow we would still havethe problem of Debian stable releases and other distros carrying olderversions.

Also ECDSA shares with DSA the serious disadvantage over RSA that makingsignatures on a system with a broken RNG can reveal the key.

Reply to:

Follow-Ups:
- Re: RSA vs ECDSA (Was: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!)
  - From: Ondřej Surý <ondrej@sury.org>
- Re: RSA vs ECDSA (Was: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!)
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

Prev by Date: Bug#740800: ITP: python-crontab -- Python module for reading and writing crontab files
Next by Date: Re: Bits from the autopkgtest maintainer
Previous by thread: Re: RSA vs ECDSA (Was: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!)
Next by thread: Re: RSA vs ECDSA (Was: Bits from keyring-maint: Pushing keyring updates. Let us bury your old 1024D key!)
Index(es):
- Date
- Thread