[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Moving to stronger keys than 1024D

Paul Wise <pabs@debian.org> writes:

> There are more people using 1024-bit keys than >= 2048-bit keys (in
> debian-keyring.gpg), many of these are active developers, some not so
> active. It would be a major human resources issue for Debian to disable
> all of those keys but I guess it is the only way to get people to
> migrate to stronger keys.

>     654 pub   1024D
>       1 pub   1024R
>      27 pub   2048R
>       2 pub   3072R
>     306 pub   4096R
>       2 pub   8192R
>       1 pub   10240R

I suspect that some of the problem is people feeling like they need to go
through an in-person key signing to get their new key certified, which can
be quite awkward depending on where one lives and how much day-to-day
contact one has with other DDs.  Perhaps we should make more public the
idea that a key transition document signed with both keys and posted
publicly is probably sufficient to warrant signing the new key if one has
signed the old key?  (Assuming that's actually true.)

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: