what are the sub keys

Jerome Baum jerome at jeromebaum.com
Tue Mar 22 22:22:24 CET 2011

"Robert J. Hansen" <rjh at sixdemonbag.org> writes:

> On 3/22/11 4:05 PM, Jerome Baum wrote:
>> Would you say those users would be "just fine" with RSA-4096?
> No.  As I said, large default keys have problems in the embedded space:
> particularly, they do not work with smart cards, which are getting
> increasingly important.  The previous generation of cards were generally
> RSA-1K devices.  The current generation is moving towards RSA-2K.
> I don't think changing the defaults to something that's incompatible
> with smart cards is particularly wise.

Are you talking about the option of moving a key to a smart card?
Because if I generate it on-card, I won't have the option of
RSA-4096. And will "average Joe" really move his key to a smart card if
he generated it off card? And does that actually make any sense
considering it wasn't originally generated on-card?

So considering that the "smart card" argument only makes sense when I
generate on-card, and considering that gpg wouldn't offer RSA-4096
anyway in that case, how does this make it a bad idea to have RSA-4096
as the (recommended) default?

Obviously, if I am not using a smart card and doing other stuff on a
device that can't cope with RSA-4096 keys, then I am probably smart
enough to ignore the default, right?

PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA