long-term GPG signing key

Perry E. Metzger perry at piermont.com
Wed Jan 11 09:04:07 EST 2006

Ian G <iang at systemics.com> writes:
> Travis H. wrote:
>> I'd like to make a long-term key for signing communication keys using
>> GPG and I'm wondering what the current recommendation is for such.  I
>> remember a problem with Elgamal signing keys and I'm under the
>> impression that the 1024 bit strength provided by p in the DSA is not
>> sufficiently strong when compared to my encryption keys, which are
>> typically at least 4096-bit D/H, which I typically use for a year.
> 1. Signing keys face a different set of
> non-crypto threats than encryption
> keys.  In practice, the attack envelope
> is much smaller, less likely.

I call "bull".

You have no idea what his usage pattern is like, and you have no idea
what the consequences for him of a forged signature key might be. It
is therefore unreasonable -- indeed, unprofessional -- to make such
claims off the cuff.

Perry E. Metzger		perry at piermont.com

The Cryptography Mailing List