add subkey vs generate new set?
David Shaw
dshaw at jabberwocky.com
Fri Oct 17 05:48:05 CEST 2008
On Oct 16, 2008, at 6:01 PM, Werewolf wrote:
> Another Pondering as every year need bigger bit sized keys to be
> secure
> Benefits and Cons
>
> Wondering if adding a bigger encryption/signing sub keys to current
> key
> on keyserver leaves the benefit keeping the same finger print? So
> don't
> have inform all your corresondences to get a new key from you? They
> just have --refresh their public keyrings
> Over
> Just setting old key to expire and Generate a new set, collect
> signatures again, change info on web pages and/or bussiness cards?
It depends on how many signatures you have. If you have none, or just
a handful that could be easily gotten again, then it doesn't matter
much. Otherwise, there is a real benefit to adding subkeys to your
existing key.
It is not true, though, that you need continually bigger keys to be
secure. You just need (somewhat) bigger keys than the current best
attack to be secure. The default size in GPG is 2048, which is
extremely safe. When in doubt, use the default.
David
More information about the Gnupg-users
mailing list