I'd like to make a long-term key for signing communication keys using GPG and I'm wondering what the current recommendation is for such. I remember a problem with Elgamal signing keys and I'm under the impression that the 1024-bit strength provided by p in the DSA is not sufficiently strong when compared to my encryption keys, which are typically at least 4096-bit D/H, which I typically use for a year.
The whole reason I'm using a signing key is that I have numerous older keys which have now expired and so the signatures on them are worthless. I don't attend many keysigning parties so it's hard to make the system work without collecting signatures over a long period on some very high strength key. Also, I'd like to use the signing key as a kind of identity, not tied to any particular email address, and only used to sign communication keys, which *are* tied to an email address and have shorter expiration times. Does anyone have any suggestions on how to do this, or suggestions to the effect that I should be doing something else?

--
"If I could remember the names of these particles, I would have been a botanist" -- Enrico Fermi
-><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B