On Fri, 21 Jul 2017, Clint Adams wrote: > On Fri, Jul 21, 2017 at 10:11:50AM -0300, Dererk wrote: > > Is any ECC crypto set allowed by FTP-Master/Debian Keyring Manaintainers > > by these days? I understand it has not been accepted as part of the > > gnupg/opengpg standards. > > ECC for OpenPGP is in RFC 6637. EdDSA is in draft, though, as I read > it, GnuPG's Curve25519 implementation is in violation of RFC 4880bis.
Hmm, not only that, but gnupg's non-NIST ECC key sizes are a bit on the smaller size right now (about as safe as RSA-2k or RSA-3k, I believe?). Since this is gnupg 2+ territory only anyway, might as well have a large RSA *master* key (8192+ bits -- this security margin against implementation issues such as CVE-2017-7526, which leaks a truckload of private key bits, enough to completely expose RSA-1024 private keys), and EdDSA subkeys that get rotated yearly... There is at least one major annoyance when dealing with low-longevity keys, though: signatures in VCS repositories, etc. For git, you can simply resign the tags and document that this will happen appropriately *well in advance*, but signed commits will pester people about expired keys forever (no ways around this one, it is a desired design decision, it would have to be dealt with in the UI). -- Henrique Holschuh _______________________________________________ Debconf-discuss mailing list Debconf-discuss@lists.debconf.org http://lists.debconf.org/mailman/listinfo/debconf-discuss
