On 07/06/2018 07:49 AM, Ulrich Mueller wrote:
>>>>>> On Thu, 5 Jul 2018, Jonas Stein wrote:
>
>>> b. RSA, >=2048 bits (OpenPGP v4 key format or later only)
>>>
>>> + c. ECC curve 25519
>>> +
>>> 4. Key expiry: 5 years maximum
>>> 5. Upload your key to the SKS keyserver rotation before usage!
>
>> I think we should ensure first that everything works fine with ECC.
>> Last time I checked, ECC was a nightmare.
>
>> Some SKS server could not handle ECC... and so on.
>
> IIRC, it has also been pointed out that ECC is not part of the OpenPGP
> standard (yet)?
>

Right, the NIST prime curves are defined in RFC6637 but Curve25519/EdDSA is only implemented in GnuPG and part of the draft rfc4880bis (WG isn't currently active, so a v5 is not expected any time soon). ECC is also only implemented in gnupg >=2.1, so as mentioned earlier, gnupg 1.4 (which is still maintained and often used for smaller footprint or backwards compat to v3 keys) will not be able to use it.

> Maybe we should better omit it. It shouldn't be too complicated for
> developers to add a dedicated RSA signing key for Gentoo if necessary
> (especially, since someone using ECC could be considered an advanced
> GnuPG user).

If the primary key is ECC, clients not supporting it won't be able to use the key material even if the signing subkey is RSA.

>
> Ulrich
>

-- 
Kristian Fiskerstrand
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
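
Review bot: the added item "c. ECC curve 25519" in the quoted hunk does not say which keys it covers (primary key, signing subkey, or both), and unlike item b with its "(OpenPGP v4 key format or later only)" qualifier it names no format or software requirement. The reply points out that an ECC primary key cannot be used by clients without ECC support even when the signing subkey is RSA, and that ECC needs gnupg >=2.1, so the item should state its scope and that minimum version explicitly.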
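
The compatibility point made in the reply above (an ECC primary key is unusable for non-ECC clients regardless of subkey type) can be checked mechanically. The following is an added example, not part of the original message or of any Gentoo tooling: it reads `gpg --with-colons` key listings and reports findings against the rules visible in the quoted hunk. The function name, finding codes and sample records are hypothetical; it assumes epoch-second timestamps as GnuPG 2.x emits them, and that the 5-year limit is counted from key creation.

```python
# Added example. Field positions follow GnuPG's colon listing format:
# 0=record type, 2=key length, 3=algorithm ID, 4=key ID, 5=created, 6=expires.
ECC_ALGOS = {18: "ECDH", 19: "ECDSA", 22: "EdDSA"}   # OpenPGP algorithm IDs
RSA_ALGOS = {1, 2, 3}
MAX_LIFETIME = 5 * 366 * 86400   # assumption: "5 years" counted from creation

def check_key(listing):
    """Return (record, keyid, finding) tuples for one key's pub/sub records."""
    findings = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        rec, bits, algo, keyid = f[0], int(f[2]), int(f[3]), f[4]
        created, expires = f[5], f[6]
        if algo in ECC_ALGOS and rec == "pub":
            # An RSA signing subkey does not help here: a client has to
            # handle the primary key before it can use any subkey.
            findings.append((rec, keyid, "ecc-primary"))
        elif algo in RSA_ALGOS and bits < 2048:
            findings.append((rec, keyid, "rsa-under-2048"))
        if not expires:
            findings.append((rec, keyid, "no-expiry"))
        elif int(expires) - int(created) > MAX_LIFETIME:
            findings.append((rec, keyid, "expiry-over-5-years"))
    return findings

# Constructed sample listings (key IDs and timestamps are made up).
ECC_PRIMARY = """\
pub:u:256:22:AAAAAAAAAAAAAAAA:1530835200:1688515200::u:::cC:::::ed25519:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1530835200:1688515200:::::s:
"""
RSA_WEAK = "pub:u:1024:1:CCCCCCCCCCCCCCCC:1530835200:::u:::scESC:\n"
RSA_OK = """\
pub:u:4096:1:DDDDDDDDDDDDDDDD:1530835200:1688515200::u:::scESC:
sub:u:4096:1:EEEEEEEEEEEEEEEE:1530835200:1688515200:::::e:
"""

if __name__ == "__main__":
    for name, sample in (("ECC_PRIMARY", ECC_PRIMARY),
                         ("RSA_WEAK", RSA_WEAK), ("RSA_OK", RSA_OK)):
        print(name, check_key(sample))
```

ECC subkeys under an RSA primary key are deliberately not flagged, since the reply's concern is the primary key.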