This is a side discussion related to the recent discussion on this list about verifying GNU package integrity through cryptographic signatures.
Debian requires OpenPGP/GPG signatures for package uploading to their FTP archive. Currently, Debian recommends a 4096-bit public key (RSA), and they recommend using SHA2 instead of the default SHA1, because of the discovery of attacks on SHA1. You can see the current recommendations here: https://keyring.debian.org/creating-key.html with material copied from Ana's Blog: http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/ Also, I am not a cryptography expert, but the strength of elliptic curve cryptography has recently become suspect; see for example: https://threatpost.com/nsas-divorce-from-ecc-causing-crypto-hand-wringing/115150/ and https://www.isaca.org/Journal/archives/2016/volume-3/Pages/can-elliptic-curve-cryptography-be-trusted.aspx Accordingly, I recommend that section 11.6 of the _Information for Maintainers of GNU Software_ guide, "Automated FTP Uploads", be updated to state that future keys be 4096-bit RSA keys and use SHA2, as per the recommendations on the Debian link above and on Ana's Blog. I do not think there is a practical reason for generating weaker keys. Can anyone with more expertise in cryptography weigh in on this, and on RSA versus El Gamal as pertains to signing GNU packages? I am blind copying [email protected] so that email address does not become inundated with responses that I expect on this list. Thank you, Paul Hardy
