Ian G <[EMAIL PROTECTED]> writes: > Travis H. wrote: >> I'd like to make a long-term key for signing communication keys using >> GPG and I'm wondering what the current recommendation is for such. I >> remember a problem with Elgamal signing keys and I'm under the >> impression that the 1024 bit strength provided by p in the DSA is not >> sufficiently strong when compared to my encryption keys, which are >> typically at least 4096-bit D/H, which I typically use for a year. > > 1. Signing keys face a different set of > non-crypto threats than to encryption > keys. In practice, the attack envelope > is much smaller, less likely.
I call "bull". You have no idea what his usage pattern is like, and you have no idea what the consequences for him of a forged signature key might be. It is therefore unreasonable -- indeed, unprofessional -- to make such claims off the cuff. -- Perry E. Metzger [EMAIL PROTECTED] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
