have gnupg 1.0.7 gonna publish my key.

Adrian von Bidder avbidder@fortytwo.ch
Thu Sep 26 15:09:02 2002


[could you consider cutting your lines to something around 72 chars?]

On Wed, 2002-09-25 at 23:29, Newton Hammet wrote:
>
> Hello GnuPG users,
>
>    I am getting ready to publish my keyserver to www.keyserver.net... that place looks pretty user
> friendly.

Hmm. (I don't find their website user-friendly, but that's not the
point). The two problems I see with keyserver.net are
 - reliability: keyserver.net seems not to synchronize their keyrings
with the wwwkeys.pgp.net keyservers; of their keyservers I could only
ever reach belgium.keyserver.net reliably.
 - ideology: keyserver.net is based on a proprietary keyserver software,
and to me it's not clear who is involved with operating their keyserver
'network' (if there is one, see above).

wwwkeys.pgp.net (and wwwkeys.<countrycode>.pgp.net) is a network of
keyservers with mostly reliable synchronisation, and running mostly
(entirely?) on open software.

>
>    So far I have done the following things:
>
> 1. Use gpg --gen-key/edit-key to generate a 2048-bit RSA signing only key, with a 2048-bit RSA
> encryption only key as a secondary key.

Ok.

> 2. Used a passphrase that is probably long and obscure enough to make cracking difficult.
>   (Downside is carpal tunnel typing the damn thing in.)

Ok.

> 3. Generated in advance my revoking certificate, and then encrypted it with symmetric-key encryption
> and destroyed the unencrypted version of the revoke cert.

Ok. Are you sure you will remember where you got that key to decrypt the
revocation cert? Probably better to print the revocation certificate and
store it as a paper copy in a secure location, so even worst case data
loss will not kill it. It's not too long to type if the emergency really
will occur, after all.

>
> Haven't uploaded anything yet.  I am prepared to, but notice a lot of people with 1024-bit keys.
>
> Wondering whether or not I will be drawing lots of attention to myself with a 2048-bit key.
> (What is he trying to hide?)  I didn't see any others out there with 2048-bit keys, so I wonder.

I doubt anybody will really notice. 1024 bit are the default right now,
so most people go with that. There are quite a few bigger keys out there
- choosing key size is just a question of judging how fast computers will
get (or if there will be any major maths breakthrough) in the future;
people's opinions vary.

>
> (William Jefferson Clinton has a 1024-bit key, but Al Gore, (inventor of the internet) does not,
> apparently... lol)

Clinton, really!? And who told you this? I hope you've read about the
idea behind the web of trust, and how to make sure that a key really
belongs to the 'right' owner. The one key on wwwkeys.pgp.net keyserver
does not have any signatures on it...

>
> Comments are welcome.  I probably won't change from RSA though, cause I like that algorithm. Don't
> know if DSA or ElGamal are more secure for same key length though. I think ElGamal may be secure
> even if there is a breakthrough in factoring but only if that does not also mean a breakthrough in
> finding discrete logarithms.... Don't know.

Depending on the people you will exchange messages with, you may want to
double-check for interoperability problems with other openpgp
implementations (PGP, hushmail) as your key is not the default.

cheers
-- vbi

-- 
secure email with gpg                           http://fortytwo.ch/gpg

NOTICE: subkey signature! request key 92082481 from keyserver.kjsl.com
