Re: Moving to stronger keys than 1024D

To: debian-project@lists.debian.org
Subject: Re: Moving to stronger keys than 1024D
From: Paul Wise <pabs@debian.org>
Date: Sat, 5 Oct 2013 11:42:57 +0800
Message-id: <[🔎] CAKTje6FnLta3RNqBLxPE0hG6b2Y=Sd2wg1sM_cNtP8oZJ5cn5Q@mail.gmail.com>
In-reply-to: <[🔎] 20131004230239.GA13313@master.debian.org>
References: <[🔎] 20131004230239.GA13313@master.debian.org>

On Sat, Oct 5, 2013 at 7:02 AM, Aníbal Monsalve Salazar wrote:

> It has been considered irresponsible to use 1024D keys at this point in
> time.
>
> What are the plans to disable 1024D keys?

There are more people using 1024-bit keys than >= 2048-bit keys (in
debian-keyring.gpg), many of these are active developers, some not so
active. It would be a major human resources issue for Debian to
disable all of those keys but I guess it is the only way to get people
to migrate to stronger keys.

    654 pub   1024D
      1 pub   1024R
     27 pub   2048R
      2 pub   3072R
    306 pub   4096R
      2 pub   8192R
      1 pub   10240R

> If you think SHA1 is still safe

I note that OpenPGP V4 fingerprints are SHA-1 and OpenPGP V5 doesn't exist yet.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
http://bonedaddy.net/pabs3/

Reply to:

Follow-Ups:
- Re: Moving to stronger keys than 1024D
  - From: Russ Allbery <rra@debian.org>

References:
- Moving to stronger keys than 1024D
  - From: Aníbal Monsalve Salazar <anibal@debian.org>

Prev by Date: Moving to stronger keys than 1024D
Next by Date: Re: Moving to stronger keys than 1024D
Previous by thread: Moving to stronger keys than 1024D
Next by thread: Re: Moving to stronger keys than 1024D
Index(es):
- Date
- Thread