multiple subkeys and key transition

Ben McGinnes ben at adversary.org
Fri Dec 10 01:33:11 CET 2010


On 10/12/10 10:55 AM, Robert J. Hansen wrote:
> On 12/9/2010 6:18 PM, Ben McGinnes wrote:
>> The last bit of documentation I saw on ECC is a little old and stated
>> that it wasn't well known enough to consider using.  I guess that's
>> changed now.
> 
> Back in 2000 or so, the consensus was that ECC was too new and
> rested on some dicey conjectures.

The last thing I read on ECC was Sam Simpson's FAQ on PGP, which was
published in 1999 and was saying exactly that.

> Since the proof of the Taniyama-Shimura conjecture (or, as it's now
> called, Wiles' Theorem), ECC's theoretical underpinnings seem to be
> on fairly solid ground.

That's a fairly significant update.

> The National Security Agency has approved ECC for use in its Suite B
> of cryptographic algorithms, and has authorized it for protection of
> the highest levels of state secrets (TS/SCI) when used with 384-bit
> ECC keys.
> 
> John's information (that Suite B was authorized for SECRET) is
> correct: he was looking at the bit about Suite B that relates to
> 256-bit ECC keys.

The DSD over here have fairly similar recommendations, but then they
work very closely with the NSA.  The unclassified version of their
Information Security Manual is here:

http://www.dsd.gov.au/infosec/ism/index.htm

> The NSA is quite good about publishing its real information security
> policies.  They have a *lot* of contractors who work with them, and

And a lot of vendors supporting those contractors and other personnel.

> keeping the rules for how to secure classified information hidden
> would ultimately only harm overall operational security.  They
> *want* people to know the right way to take care of TS/SCI material.
> 
> They never want to hear someone say, "sure, I sent that TS/SCI file
> in plaintext.  Wait, I wasn't supposed to do that?  I was never
> told!  Why aren't those rules on your website?"

It doesn't help if the rules are ignored, though, as recent events
have demonstrated.  I've no doubt there are people inside the NSA
reaching for the LARTs and the Clue-by-Fours.  ;)


Regards,
Ben
