[19587] in cryptography@c2.net mail archive
Re: long-term GPG signing key
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Wed Jan 11 09:04:39 2006
X-Original-To: cryptography@metzdowd.com
To: Ian G <iang@systemics.com>
Cc: "Travis H." <solinym@gmail.com>, cryptography@metzdowd.com
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 11 Jan 2006 09:04:07 -0500
In-Reply-To: <43C3DC84.3040004@systemics.com> (Ian G.'s message of "Tue, 10
Jan 2006 16:10:44 +0000")
Ian G <iang@systemics.com> writes:
> Travis H. wrote:
>> I'd like to make a long-term key for signing communication keys using
>> GPG and I'm wondering what the current recommendation is for such. I
>> remember a problem with Elgamal signing keys and I'm under the
>> impression that the 1024 bit strength provided by p in the DSA is not
>> sufficiently strong when compared to my encryption keys, which are
>> typically at least 4096-bit D/H, which I typically use for a year.
>
> 1. Signing keys face a different set of
> non-crypto threats than to encryption
> keys. In practice, the attack envelope
> is much smaller, less likely.
I call "bull".
You have no idea what his usage pattern is like, and you have no idea
what the consequences for him of a forged signature key might be. It
is therefore unreasonable -- indeed, unprofessional -- to make such
claims off the cuff.
--
Perry E. Metzger perry@piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com