FAQ: seeking consensus

Steffen Nurpmeso steffen at sdaoden.eu
Thu Oct 17 21:38:18 CEST 2019


Robert J. Hansen wrote in <99710af5-92ac-dbdd-afe9-d60d89614a76 at sixdemonbag.org>:
  ...
 |1.  How should we handle the SKS keyserver attacks?
  ...
 |Another says, "with a recent GnuPG release SKS may be used productively
 |and we should keep the current advice."

I am using them, and have had the sks-keyservers.net in my own
cacert pool for a long time.  I do only import rarely, very
specific keys, and only with supervision, however.  It has always
been like that, and i also always clean keys, since i personally
never really had a glue onto the PGP approach of that web of trust.
I still whimper that the new German passports did not ship with
SSL and PGP keys/certificates.  But that is something different.

  ...
 |2.  What should be done about the FAQ's guidance to use RSA-2048?
 |
 |First, I think everyone agrees it should be removed, as it's just not
 |accurate any more; we've defaulted to RSA-3072 for some time.
 |
 |One option is, "remove it and update the text to refer to RSA-3072, our
 |current default."
 |
 |Another is, "remove it and update the text to refer to ECC, which will
 |be our next default."  (If so: which curve and which lengths do you
 |think should be the default?)
 |
 |(Again, third, fourth, and fifth ways are welcomed.)

This mail only because i want to point out that, if i remember
this correctly, the majority of FreeBSD committers who had a PGP
key used RSA 4096 already in 2002, or around that time.  (4.7
times i think these were.)

 |3.  What should we advise people about their existing RSA-2048 keys?
 |
 |"There's no rush, but migrating them to [whatever our new guidance is]
 |at a deliberate pace is advised, since RSA-2048 isn't expected to be
 |generally safe past 2030"
 |
 |or
 |
 |"Your existing RSA-2048 keys are fine, you don't need to take any action"
 |
 |(Again, third, fourth, and fifth ways are welcomed.)

You know, i would say people should be advised to use the most
compatible, most secure keys available for their "very key".
Regardless of computing cost that is.  And use specific "weaker",
"faster" or whatever keys for specific purposes, like tarball
signing, or whatever.  I have never understood any other advice,
actually.  I have vague memories of a very "conservative" sentence
on the use of PGP keys on the mentioned FreeBSD handbook page, it
must be more than 15 years, and i have only read it once.
I adhered to that, and i know that all the RSA 4096 things i have
produced ever since will be safe for quite some time, maybe even
until i die (which could happen anytime though), unless the
quantum thing explodes somehow (not a mathematician here).

I still have to log into SSH hosts which do not support anything
but RSA (i have only ever used RSA keys, not DSA i think it was,
and am using ED25519 for an increasing number of other hosts).

(P.S.: personally i am also still using GnuPG v1.4.23, in my
private path, even though i have 2.2.17 in /usr here, and the
rotating head of ArchLinux also ships the new one, etc. etc.)

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)


