[145867] in cryptography@c2.net mail archive

Re: Debian encouraging use of 4096 bit RSA keys

daemon@ATHENA.MIT.EDU (Henrique de Moraes Holschuh)
Tue Sep 14 19:12:15 2010

Date: Tue, 14 Sep 2010 12:01:22 -0300
From: Henrique de Moraes Holschuh <hmh@debian.org>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <20100914081552.7eec6fc5@jabberwock.cb.piermont.com>

On Tue, 14 Sep 2010, Perry E. Metzger wrote:
> The decision that 1024 bit keys are inadequate for code signing is
> likely reasonable. The idea that 2048 bits and not something between
> 1024 bits and 2048 bits is a reasonable minimum is perhaps arguable.
> One wonders what security model indicated 4096 bits is the ideal
> length....

Key lifetime in Debian can be very long, 10 to 15 years.

I'd appreciate some input from this list about the Debian bias towards 4096
RSA main keys, instead of DSA2 (3072-bit) keys.  Is it justified?

These keys are used as KSK, as gpg will happily attach subkeys to them
for the grunt work...

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

---------------------------------------------------------------------
The Cryptography Mailing List