There are a number of differences in key management priorities between (communication) signature and encryption keys.

For encryption keys:

- you want short lived keys
- you should wipe the keys at first opportunity
- for archiving you should re-encrypt with storage keys
- you can't detect or prove an encryption key is compromised as the attacker will just be decrypting documents

For signature keys:

- you want longer lived keys (or two tier keys, one for certifying that is kept offline, and one for signing communications that is offline)
- in fact many applications don't even want signatures they want authentication (convince the recipient of author and integrity, but be non-transferable)
- with signature keys if they are compromised and the compromised key used, there is risk (to the attacker) that the recipient or others can detect and prove this.

I do agree tho that the relative value of encryption vs signature depends on the application.

Adam

On Wed, Jan 11, 2006 at 09:04:07AM -0500, Perry E. Metzger wrote:
>
> Ian G <[EMAIL PROTECTED]> writes:
> > Travis H. wrote:
> >> I'd like to make a long-term key for signing communication keys using
> >> GPG and I'm wondering what the current recommendation is for such. I
> >> remember a problem with Elgamal signing keys and I'm under the
> >> impression that the 1024 bit strength provided by p in the DSA is not
> >> sufficiently strong when compared to my encryption keys, which are
> >> typically at least 4096-bit D/H, which I typically use for a year.
> >
> > 1. Signing keys face a different set of
> > non-crypto threats than to encryption
> > keys. In practice, the attack envelope
> > is much smaller, less likely.
>
> I call "bull".
>
> You have no idea what his usage pattern is like, and you have no idea
> what the consequences for him of a forged signature key might be. It
> is therefore unreasonable -- indeed, unprofessional -- to make such
> claims off the cuff.
>
> --
> Perry E. Metzger [EMAIL PROTECTED]
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
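
The difference between a signature and non-transferable authentication mentioned in the message above, as an added example that is not part of the original thread. It uses HMAC for authentication and a Lamport one-time hash-based signature as a standard-library stand-in for a real signature scheme such as DSA; all function names and messages are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def digest_bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_keygen():
    # One secret pair per digest bit; the public key is the hash of each secret.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def lamport_sign(sk, msg):
    # Reveals one secret per bit, so a key pair must sign only ONE message.
    return [sk[i][b] for i, b in enumerate(digest_bits(msg))]

def lamport_verify(pk, msg, sig):
    # Needs only the public key: any third party can run this check.
    return len(sig) == 256 and all(
        hmac.compare_digest(H(s), pk[i][b])
        for (i, b), s in zip(enumerate(digest_bits(msg)), sig))

def mac_tag(shared_key, msg):
    return hmac.new(shared_key, msg, hashlib.sha256).digest()

def demo():
    msg = b"constructed sample message"
    other = b"constructed message the sender never wrote"

    # Authentication: sender and recipient hold the same key.
    shared = secrets.token_bytes(32)
    tag = mac_tag(shared, msg)
    recipient_accepts = hmac.compare_digest(tag, mac_tag(shared, msg))
    # The recipient can compute a valid tag on anything, so a tag shown to a
    # third party proves nothing about who wrote the message (non-transferable).
    recipient_made = mac_tag(shared, other)
    recipient_tag_valid = hmac.compare_digest(recipient_made, mac_tag(shared, other))

    # Signature: only the signer holds sk; verification is public and transferable.
    sk, pk = lamport_keygen()
    sig = lamport_sign(sk, msg)
    third_party_accepts = lamport_verify(pk, msg, sig)
    reused_on_other = lamport_verify(pk, other, sig)
    return recipient_accepts, recipient_tag_valid, third_party_accepts, reused_on_other

if __name__ == "__main__":
    print(demo())
```
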
