Xavier Roche dijo [Wed, Mar 05, 2014 at 06:47:13PM +0100]: > > I would tend to side more with Odyx here in that the keys are still > > considered trustworthy enough to be in the keyring but we're encouraging > > moving to stronger keys and no longer accepting these keys to be > > included. > > Yes, this was my thoughts, too. > > Or, to rephrase it: 1024D keys will "soon" be breakable (let's say in > few years), but at this present time, they are still trustworthy enough > to allow transition. > > It doesn't mean that eventually, they'll be considered untrustworthy, later.
Right. But we do want to phase them out *completely* before they are considered untrustworthy: We want to push gently as far as possible so that most active DDs have 4096R, and then only deal with the long tail of deprecated keys *while still not exposing ourselves* to impersonation.
signature.asc
Description: Digital signature
