long-term GPG signing key

Perry E. Metzger perry at piermont.com
Wed Jan 11 10:50:02 EST 2006


Ian G <iang at systemics.com> writes:
> Perry E. Metzger wrote:
>> Ian G <iang at systemics.com> writes:
>>
>>>Travis H. wrote:
>>>
>>>>I'd like to make a long-term key for signing communication keys using
>>>>GPG and I'm wondering what the current recommendation is for such.  I
>>>>remember a problem with Elgamal signing keys and I'm under the
>>>>impression that the 1024 bit strength provided by p in the DSA is not
>>>>sufficiently strong when compared to my encryption keys, which are
>>>>typically at least 4096-bit D/H, which I typically use for a year.
>>>
>>>1. Signing keys face a different set of
>>>non-crypto threats than encryption
>>>keys.  In practice, the attack envelope
>>>is much smaller, less likely.
>> I call "bull".
>> You have no idea what his usage pattern is like, and you have no idea
>> what the consequences for him of a forged signature key might be. It
>> is therefore unreasonable -- indeed, unprofessional -- to make such
>> claims off the cuff.
>
> You seem to have missed the next sentence:

No, I didn't.

>     ".... Unless you have
>     particular circumstances, it's not
>     as important to have massive strength in
>     signing keys as it is in encryption keys."

Even in totally ordinary circumstances it is important to have very
strong signing keys. Your comments were insupportable.

Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com