Let's start with the most important thing: > I am sorry for having to write these harsh comments
I didn't find your comments harsh, but thank you for being considerate. :) >> * Every reference to the SKS keyserver network now points to >> keys.openpgp.org. Reason: the SKS attacks a few months ago. > > I have to object against this change. The SKS server network is still > useful and definitely more useful than an non-matured and centralized > keyserver. I can't agree with this. SKS is effectively dead. Older GnuPG installations can still get utterly wedged if they pull down a poisoned certificate from SKS. There are a *lot* of these older installations out there in the wild, and what we suggest to them should not lead them into wedging their system. Should they update? Yes. Is the problem mitigated by an update? Yes. But will they? Probably not before wedging their keyring. Given that high-profile people in the community have had our certificates defaced, it's possible someone will say "I want to ask dkg a question," pull down his cert, get wedged, and... etc. I think it's dangerous to our users to continue to recommend SKS in the face of a well-known poisoning problem. > suggesting the use of that specific keyserver is a no-go. I'm fine with this. My major concern is removing SKS recommendations. >> * All references to 2048-bit crypto are updated to refer to 3072-bit >> crypto. Reason: GnuPG now defaults to 3072-bit RSA. > > Okay. But this > > +your certificate uses 2048-bit keys we recommend retiring them and > +migrating to a new keypair of at least 3072 bits length. You can do > > is a no-go because we will have a hard to time to convice people that > this is just a geek suggestion and that for almost all general use of > gpg the existsing keys are still fine. Actually 2k keys are still > allowed in Germany for restricted communication and there is no need for > an immediate rush to 3k. I agree there is no immediate rush: the US guidance says they're safe until 2030. But for many years we advised people to use 2048-bit keys, now we're generating 3072-bit keys by default. At the very least the old guidance on 2048-bit keys needs to be dropped. Whether we explain it away as "we're now using 3072-bit keys by default, in order to get a long head start on 2048's obsolescence" or "we're going to be moving to ECC in the near future" matters little to me, but we need to explain the shift away from 2048. > I also wonder why you removed this > > -If you need more security than RSA-2048 offers, the way to go would be > -to switch to elliptical curve cryptography — not to continue using > -RSA. Because it raises an immediate question of, "then why does GnuPG default to RSA-3072, if the FAQ's guidance is past -2048 to use ECC?" The FAQ's statement collides with what GnuPG actually does. > That is a matter of minutes. I only had a brief look at it but I can't > see that your changes are subject to frequently asked questions here. There were three major changes: keyservers, key lengths, and an email address. All three existed in prior iterations of the FAQ. If you think they should be dropped, I'm all for that conversation, but please keep in mind that I'm not adding new subjects to the FAQ: in this pass I was updating existing content. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users