[19593] in cryptography@c2.net mail archive
Re: long-term GPG signing key
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Wed Jan 11 13:48:05 2006
X-Original-To: cryptography@metzdowd.com
To: Ian G <iang@systemics.com>
Cc: "Travis H." <solinym@gmail.com>, cryptography@metzdowd.com
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 11 Jan 2006 10:50:02 -0500
In-Reply-To: <43C52136.1090802@systemics.com> (Ian G.'s message of "Wed, 11
Jan 2006 15:16:06 +0000")
Ian G <iang@systemics.com> writes:
> Perry E. Metzger wrote:
>> Ian G <iang@systemics.com> writes:
>>
>>>Travis H. wrote:
>>>
>>>>I'd like to make a long-term key for signing communication keys using
>>>>GPG and I'm wondering what the current recommendation is for such. I
>>>>remember a problem with Elgamal signing keys and I'm under the
>>>>impression that the 1024 bit strength provided by p in the DSA is not
>>>>sufficiently strong when compared to my encryption keys, which are
>>>>typically at least 4096-bit D/H, which I typically use for a year.
>>>
>>>1. Signing keys face a different set of
>>>non-crypto threats than encryption
>>>keys. In practice, the attack envelope
>>>is much smaller, less likely.
>> I call "bull".
>> You have no idea what his usage pattern is like, and you have no idea
>> what the consequences for him of a forged signature key might be. It
>> is therefore unreasonable -- indeed, unprofessional -- to make such
>> claims off the cuff.
>
> You seem to have missed the next sentence:
No, I didn't.
> ".... Unless you have
> particular circumstances, it's not
> as important to have massive strength in
> signing keys as it is in encryption keys."
Even in totally ordinary circumstances it is important to have very
strong signing keys. Your comments were insupportable.
Perry