long-term GPG signing key

Perry E. Metzger perry at piermont.com
Wed Jan 11 10:50:02 EST 2006

Ian G <iang at systemics.com> writes:
> Perry E. Metzger wrote:
>> Ian G <iang at systemics.com> writes:
>>>Travis H. wrote:
>>>>I'd like to make a long-term key for signing communication keys using
>>>>GPG and I'm wondering what the current recommendation is for such.  I
>>>>remember a problem with Elgamal signing keys and I'm under the
>>>>impression that the 1024 bit strength provided by p in the DSA is not
>>>>sufficiently strong when compared to my encryption keys, which are
>>>>typically at least 4096-bit D/H, which I typically use for a year.
>>>1. Signing keys face a different set of
>>>non-crypto threats than to encryption
>>>keys.  In practice, the attack envelope
>>>is much smaller, less likely.
>> I call "bull".
>> You have no idea what his usage pattern is like, and you have no idea
>> what the consequences for him of a forged signature key might be. It
>> is therefore unreasonable -- indeed, unprofessional -- to make such
>> claims off the cuff.
> You seem to have missed the next sentence:

No, I didn't.

>     ".... Unless you have
>     particular circumstances, it's not
>     as important to have massive strength in
>     signing keys as it is in encryption keys."

Even in totally ordinary circumstances it is important to have very
strong signing keys. Your comments were insupportable.

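To put numbers on the comparison Travis raises (1024-bit DSA p versus 4096-bit D/H), here is an added back-of-the-envelope estimator, not part of the thread: it scales the GNFS L[1/3, (64/9)^(1/3)] cost heuristic, calibrated to the conventional 80-bit figure for a 1024-bit modulus (an assumption stated in the code), and caps DSA by its subgroup order q.

```python
import math

LN2 = math.log(2)


def gnfs_work_bits(modulus_bits: int) -> float:
    """Heuristic log2 cost of factoring / finite-field discrete log for a
    modulus of this size, from the GNFS L-notation L[1/3, (64/9)^(1/3)].
    Lower-order constants are dropped, so only ratios between sizes mean
    anything; do not read the raw value as a security level."""
    ln_n = modulus_bits * LN2
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / LN2


def field_strength(modulus_bits: int) -> float:
    """Estimated symmetric-equivalent strength of a p-bit field, calibrated
    (assumption) so that 1024 bits == 80 bits, the usual published figure.
    3072 bits then lands near 128, matching the common tables."""
    return 80.0 * gnfs_work_bits(modulus_bits) / gnfs_work_bits(1024)


def dsa_strength(p_bits: int, q_bits: int) -> float:
    """DSA/Elgamal-style signatures are also bounded by the subgroup order q:
    generic square-root attacks on the subgroup cost about 2^(q_bits/2)."""
    return min(field_strength(p_bits), q_bits / 2)


if __name__ == "__main__":
    # The two key types from the thread: DSA with a 1024-bit p and 160-bit q
    # (the classic GPG default) against a 4096-bit D/H encryption key.
    for label, bits in (("DSA p=1024,q=160", dsa_strength(1024, 160)),
                        ("D/H 4096", field_strength(4096))):
        print(f"{label:18s} ~{bits:5.1f} bits of strength")
```

The 4096-bit encryption key comes out around 140 bits of strength while the DSA-1024 signing key is stuck at 80, which is the mismatch Travis describes.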

The Cryptography Mailing List