
Re: Moving to stronger keys than 1024D



Paul Wise <pabs@debian.org> writes:

> There are more people using 1024-bit keys than >= 2048-bit keys (in
> debian-keyring.gpg), many of these are active developers, some not so
> active. It would be a major human resources issue for Debian to disable
> all of those keys but I guess it is the only way to get people to
> migrate to stronger keys.

>     654 pub   1024D
>       1 pub   1024R
>      27 pub   2048R
>       2 pub   3072R
>     306 pub   4096R
>       2 pub   8192R
>       1 pub   10240R

I suspect that some of the problem is people feeling like they need to go
through an in-person key signing to get their new key certified, which can
be quite awkward depending on where one lives and how much day-to-day
contact one has with other DDs.  Perhaps we should make more public the
idea that a key transition document signed with both keys and posted
publicly is probably sufficient to warrant signing the new key if one has
signed the old key?  (Assuming that's actually true.)

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

