multiple subkeys and key transition
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Dec 9 19:01:39 CET 2010
On 12/09/2010 09:08 AM, Robert J. Hansen wrote:
> On 12/9/2010 1:14 AM, Ben McGinnes wrote:
>> I am giving very serious thought to creating new keys and
>> doing a (long-term) transition to them. This is partly to respond to
>> known flaws with SHA-1 and take advantage of SHA-256 and higher.
>
> My best counsel is: don't, at least not yet.

Sorry, but i have to disagree with Robert on this (yes, i'm the author
of the blog post you linked to earlier). If you want to switch to
stronger algorithms, now is a reasonable time to do it.

> First, there are no imminent practical attacks on SHA-1.

That we know of, anyway. Nonetheless, its use for digital signatures
has been strongly deprecated by groups like NIST. See  for links to

> Second, the
> OpenPGP Working Group ("the WG") is currently figuring out how to get
> SHA-1 out of the OpenPGP spec and how to replace it with something better.

This discussion currently seems to be idle, so i would not wait on it.
We need to get the discussion going again, certainly.

> If you do a transition now, it's possible you'll want to transition
> again in six months or a year once the WG updates the RFC.

This statement seems to assume that the RFC can't or won't be updated in
a way that people could make the transition using the same key material,
assuming they were using strong enough keys and digests in the first place.

My own personal bottom line: i've been using digests from the SHA-2
family for well over a year now (and larger RSA keys for twice that
time) and have had no interoperability problems.