Ondřej Surý said [Tue, Mar 04, 2014 at 08:10:47PM +0100]:
> On Mon, Mar 3, 2014, at 19:13, Gunnar Wolf wrote:
> > As keyring maintainers, we no longer consider 1024D keys to be
> > trustable. We are not yet mass-removing them, because we don't want to
> > hamper the project's work, but we definitively will start being more
> > aggressively deprecating their use. 1024D keys should be seen as
> > brute-force vulnerable nowadays. Please do migrate away from them into
> > stronger keys (4096R recommended) as soon as possible.
>
> I am not sure what's the timeframe for GnuPG 2.1.0[1] release, but would
> it be possible to skip the RSA and go directly for ECDSA, before we
> start deprecating DSA? Or at least have an option to do so? (Well,
> unless GnuPG 2.1 release is too much far in the future.)
Umh, I feel I have to answer this message, but I clearly don't have
enough information to do so in an authoritative way¹.

AIUI, ECDSA has not been shown to be *stronger* than RSA — RSA works
based on modulus operations, ECDSA on curve crypto. ECDSA keys can be
smaller and achieve (again, AIUI) the same level of security. But nothing
so far shows that RSA will be broken before or after ECDSA.

Barring somebody pointing me to the right place to read, my take would be
that we should accept both RSA and ECDSA keys (of what minimum
size/strength?). It should not be in any way different than what we
currently do.

But anybody looking at a mistake in my text, *please* correct me!

-- 
¹ Outside, that is, from the authority vested by delegating me part of
keyring-maint ;-)
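The check a keyring maintainer would run to find the keys the deprecation above is aimed at, as an added example that is not from this thread and is not Debian's keyring-maint tooling: it parses the machine-readable output of `gpg --with-colons --list-keys` (record type in field 1, key length in field 3, RFC 4880 public-key algorithm ID in field 4, key ID in field 5, user ID in field 10 of `uid` records) and reports every primary key or subkey below a per-algorithm minimum. The thresholds in `MIN_BITS` are assumed for the example and are not the project's published policy; the sample listing, its key IDs and its user IDs are constructed.

```python
"""Audit OpenPGP keys from `gpg --with-colons --list-keys` output for weak
algorithms and key sizes. Added example; not keyring-maint's own tooling."""
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# OpenPGP public-key algorithm IDs as they appear in field 4 of gpg's
# colon-separated listing (RFC 4880 section 9.1; 18/19 from RFC 6637; 22 = EdDSA).
ALGO_NAMES = {1: "RSA", 2: "RSA-E", 3: "RSA-S", 16: "Elgamal", 17: "DSA",
              18: "ECDH", 19: "ECDSA", 22: "EdDSA"}

# Assumed policy for this example (not keyring-maint's published rule):
# DSA/Elgamal at least 2048 bits, RSA at least 4096 bits, EC keys at least
# a 255/256-bit curve. Adjust to whatever minimum the project settles on.
MIN_BITS = {"RSA": 4096, "RSA-E": 4096, "RSA-S": 4096,
            "DSA": 2048, "Elgamal": 2048,
            "ECDSA": 256, "ECDH": 256, "EdDSA": 255}

# Constructed sample listing in gpg --with-colons format: a 2004-era 1024D/2048g
# key, a 4096R key, a 2048R key with a 2048R subkey and a nistp256 ECDSA key.
SAMPLE_LISTING = """\
tru::1:1393900000:0:3:1:5
pub:u:1024:17:0123456789ABCDEF:1104000000:::u:::scESC:
fpr:::::::::FEDCBA98765432100123456789ABCDEF01234567:
uid:u::::1104000000::0000000000000000000000000000000000000000::Alice Example <alice@example.org>:
sub:u:2048:16:1111222233334444:1104000000::::::e:
pub:u:4096:1:AAAABBBBCCCCDDDD:1393900000:::u:::scESC:
uid:u::::1393900000::1111111111111111111111111111111111111111::Bob Example <bob@example.org>:
sub:u:4096:1:5555666677778888:1393900000::::::e:
pub:u:2048:1:DDDDEEEEFFFF0000:1262300000:::u:::scESC:
uid:u::::1262300000::3333333333333333333333333333333333333333::Dave Example <dave@example.org>:
sub:u:2048:1:6666777788889999:1262300000::::::e:
pub:u:256:19:99990000AAAA1111:1393900000:::u:::scESC:::::nistp256::0:
uid:u::::1393900000::2222222222222222222222222222222222222222::Carol Example <carol@example.org>:
sub:u:256:18:2222333344445555:1393900000::::::e:::::nistp256::0:
"""


@dataclass
class KeyRecord:
    primary: str   # key ID of the primary key this record belongs to
    kind: str      # "pub" (primary key) or "sub" (subkey)
    keyid: str
    algo: str
    bits: int


@dataclass
class Finding(KeyRecord):
    uid: str       # first user ID of the primary key
    reason: str    # why the key fails the assumed policy


def policy_violation(algo: str, bits: int) -> Optional[str]:
    """Return why a key fails the assumed policy, or None if it passes."""
    minimum = MIN_BITS.get(algo)
    if minimum is None:
        return f"unrecognised algorithm {algo}"
    if bits < minimum:
        return f"{bits}-bit {algo} is below the {minimum}-bit minimum"
    return None


def parse_colon_listing(text: str) -> Tuple[List[KeyRecord], Dict[str, str]]:
    """Collect pub/sub records and the first uid of each primary key.
    Other record types (tru, fpr, sig, ...) are ignored."""
    keys: List[KeyRecord] = []
    uids: Dict[str, str] = {}
    primary: Optional[str] = None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub") and len(f) > 4:
            if f[0] == "pub":
                primary = f[4]
            if primary is None:
                continue  # subkey before any primary key: malformed, skip it
            algo_id = int(f[3]) if f[3].isdigit() else -1
            keys.append(KeyRecord(primary, f[0], f[4],
                                  ALGO_NAMES.get(algo_id, f"algo{f[3]}"),
                                  int(f[2]) if f[2].isdigit() else 0))
        elif f[0] == "uid" and primary is not None and len(f) > 9:
            uids.setdefault(primary, f[9])
    return keys, uids


def audit_listing(text: str) -> List[Finding]:
    """Return one Finding per primary key or subkey that fails the policy."""
    keys, uids = parse_colon_listing(text)
    findings: List[Finding] = []
    for k in keys:
        reason = policy_violation(k.algo, k.bits)
        if reason:
            findings.append(Finding(k.primary, k.kind, k.keyid, k.algo, k.bits,
                                    uids.get(k.primary, "<no uid>"), reason))
    return findings


if __name__ == "__main__":
    # Real use:  gpg --with-colons --list-keys | python audit_keys.py -
    listing = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE_LISTING
    for fnd in audit_listing(listing):
        print(f"{fnd.keyid} ({fnd.kind} of {fnd.primary}, {fnd.uid}): {fnd.reason}")
```

On the sample this reports Alice's 1024-bit DSA primary key, Dave's 2048-bit RSA primary key and his 2048-bit RSA subkey; Alice's 2048-bit Elgamal subkey, Bob's 4096R key and Carol's nistp256 pair pass. Subkeys are checked as well as primaries because a weak signing subkey undermines a strong primary just as well.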