Re: [gentoo-dev] [PATCH 0/4] GLEP 63: clean up, and reduce key size to RSA-2048

2018-07-03 Thread Michał Górny
On Tue, 03.07.2018 at 12:42 -0400, Aaron Bauman wrote:
> On Tuesday, July 3, 2018 12:40:57 PM EDT Aaron Bauman wrote:
> > On Tuesday, July 3, 2018 9:29:53 AM EDT Michał Górny wrote:
> > > Hi, everyone.
> > > 
> > > Here's a series of patches for GLEP 63 (key policies).  The first three
> > > patches are merely editorial changes.  The fourth is an actual
> > > recommended policy change.
> > > 
> > > The editorial changes are:
> > > 
> > > 1. Using 'OpenPGP' instead of 'GPG' where appropriate.
> > > 
> > > 2. Replacing 'RSAv4' with more correct term.
> > > 
> > > 3. Clarifying the sentence on minimal key requirement to make it clear
> > >    that dedicated signing subkey is also part of it.
> > > 
> > > The policy change is changing the recommendation from RSA-4096
> > > to RSA-2048.  This does not require developers to reroll their RSA-4096
> > > keys but aims to prevent people unnecessarily replacing RSA-2048 with
> > > RSA-4096.
> > > 
> > > The new recommendation matches what GnuPG FAQ suggests [1] (see 11.4,
> > > 11.5).  Long story short, RSA-4096 is only a little stronger than
> > > RSA-2048 while it is much slower.  If someone really wants to use it,
> > > sure; but generally we shouldn't be encouraging people to use it.
> > > 
> > > [1]:https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096
> > > 
> > > --
> > > Best regards,
> > > Michał Górny
> > > 
> > > Michał Górny (4):
> > >   glep-0063: Use 'OpenPGP' as appropriate
> > >   glep-0063: RSAv4 -> OpenPGP v4 key format
> > >   glep-0063: Clarify dedicated signing subkey in minimal reqs
> > >   glep-0063: Change the recommended RSA key size to 2048 bits
> > >  
> > >  glep-0063.rst | 44 
> > >  1 file changed, 28 insertions(+), 16 deletions(-)
> > 
> > Patches look good to me.  I think now would be a good time to address other
> > verbiage too.  e.g. recommendations should be requirements etc
> 
> To clarify.  I think this patchset is good as it is.  I can create a new 
> patchset with recommendations for the things I mentioned above.

Please do.  I tried to keep this to stuff that's not likely to cause
much of a bikeshed, because I feel it is somewhat urgent that we stop
telling people to use RSA-4096, especially now that people are being asked
to update their keys all over the place.

-- 
Best regards,
Michał Górny


signature.asc
Description: This is a digitally signed message part


Re: [gentoo-dev] [PATCH 0/4] GLEP 63: clean up, and reduce key size to RSA-2048

2018-07-03 Thread Aaron Bauman
On Tuesday, July 3, 2018 12:40:57 PM EDT Aaron Bauman wrote:
> On Tuesday, July 3, 2018 9:29:53 AM EDT Michał Górny wrote:
> > Hi, everyone.
> > 
> > Here's a series of patches for GLEP 63 (key policies).  The first three
> > patches are merely editorial changes.  The fourth is an actual
> > recommended policy change.
> > 
> > The editorial changes are:
> > 
> > 1. Using 'OpenPGP' instead of 'GPG' where appropriate.
> > 
> > 2. Replacing 'RSAv4' with more correct term.
> > 
> > 3. Clarifying the sentence on minimal key requirement to make it clear
> >    that dedicated signing subkey is also part of it.
> > 
> > The policy change is changing the recommendation from RSA-4096
> > to RSA-2048.  This does not require developers to reroll their RSA-4096
> > keys but aims to prevent people unnecessarily replacing RSA-2048 with
> > RSA-4096.
> > 
> > The new recommendation matches what GnuPG FAQ suggests [1] (see 11.4,
> > 11.5).  Long story short, RSA-4096 is only a little stronger than
> > RSA-2048 while it is much slower.  If someone really wants to use it,
> > sure; but generally we shouldn't be encouraging people to use it.
> > 
> > [1]:https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096
> > 
> > --
> > Best regards,
> > Michał Górny
> > 
> > Michał Górny (4):
> >   glep-0063: Use 'OpenPGP' as appropriate
> >   glep-0063: RSAv4 -> OpenPGP v4 key format
> >   glep-0063: Clarify dedicated signing subkey in minimal reqs
> >   glep-0063: Change the recommended RSA key size to 2048 bits
> >  
> >  glep-0063.rst | 44 
> >  1 file changed, 28 insertions(+), 16 deletions(-)
> 
> Patches look good to me.  I think now would be a good time to address other
> verbiage too.  e.g. recommendations should be requirements etc

To clarify.  I think this patchset is good as it is.  I can create a new 
patchset with recommendations for the things I mentioned above.

signature.asc
Description: This is a digitally signed message part.


Re: [gentoo-dev] [PATCH 0/4] GLEP 63: clean up, and reduce key size to RSA-2048

2018-07-03 Thread Aaron Bauman
On Tuesday, July 3, 2018 9:29:53 AM EDT Michał Górny wrote:
> Hi, everyone.
> 
> Here's a series of patches for GLEP 63 (key policies).  The first three
> patches are merely editorial changes.  The fourth is an actual
> recommended policy change.
> 
> The editorial changes are:
> 
> 1. Using 'OpenPGP' instead of 'GPG' where appropriate.
> 
> 2. Replacing 'RSAv4' with more correct term.
> 
> 3. Clarifying the sentence on minimal key requirement to make it clear
>    that dedicated signing subkey is also part of it.
> 
> The policy change is changing the recommendation from RSA-4096
> to RSA-2048.  This does not require developers to reroll their RSA-4096
> keys but aims to prevent people unnecessarily replacing RSA-2048 with
> RSA-4096.
> 
> The new recommendation matches what GnuPG FAQ suggests [1] (see 11.4,
> 11.5).  Long story short, RSA-4096 is only a little stronger than
> RSA-2048 while it is much slower.  If someone really wants to use it,
> sure; but generally we shouldn't be encouraging people to use it.
> 
> [1]:https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096
> 
> --
> Best regards,
> Michał Górny
> 
> Michał Górny (4):
>   glep-0063: Use 'OpenPGP' as appropriate
>   glep-0063: RSAv4 -> OpenPGP v4 key format
>   glep-0063: Clarify dedicated signing subkey in minimal reqs
>   glep-0063: Change the recommended RSA key size to 2048 bits
> 
>  glep-0063.rst | 44 
>  1 file changed, 28 insertions(+), 16 deletions(-)

Patches look good to me.  I think now would be a good time to address other 
verbiage too.  e.g. recommendations should be requirements etc


signature.asc
Description: This is a digitally signed message part.


[gentoo-dev] [PATCH 0/4] GLEP 63: clean up, and reduce key size to RSA-2048

2018-07-03 Thread Michał Górny
Hi, everyone.

Here's a series of patches for GLEP 63 (key policies).  The first three
patches are merely editorial changes.  The fourth is an actual
recommended policy change.

The editorial changes are:

1. Using 'OpenPGP' instead of 'GPG' where appropriate.

2. Replacing 'RSAv4' with more correct term.

3. Clarifying the sentence on minimal key requirement to make it clear
   that dedicated signing subkey is also part of it.

The policy change is changing the recommendation from RSA-4096
to RSA-2048.  This does not require developers to reroll their RSA-4096
keys but aims to prevent people unnecessarily replacing RSA-2048 with
RSA-4096.

The new recommendation matches what GnuPG FAQ suggests [1] (see 11.4,
11.5).  Long story short, RSA-4096 is only a little stronger than
RSA-2048 while it is much slower.  If someone really wants to use it,
sure; but generally we shouldn't be encouraging people to use it.

[1]:https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096

--
Best regards,
Michał Górny

Michał Górny (4):
  glep-0063: Use 'OpenPGP' as appropriate
  glep-0063: RSAv4 -> OpenPGP v4 key format
  glep-0063: Clarify dedicated signing subkey in minimal reqs
  glep-0063: Change the recommended RSA key size to 2048 bits

 glep-0063.rst | 44 
 1 file changed, 28 insertions(+), 16 deletions(-)

-- 
2.18.0
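To put the cover letter's "only a little stronger while much slower" claim on a quantitative footing, here is an added Python example. It is not code from this thread, from Gentoo or from GnuPG. It estimates factoring effort with the standard General Number Field Sieve asymptotic, L_n[1/3, (64/9)^(1/3)], and assumes an O(k^3) cost for one private-key operation (schoolbook modular exponentiation); both the constant and the cost model are textbook heuristics, not measurements of any implementation.

```python
import math

# Added example, not part of the GLEP 63 thread or of GnuPG. It makes the
# "a little stronger, much slower" trade-off concrete with two textbook
# estimates: the GNFS factoring work factor for the strength side, and a
# cubic cost model for the speed side. Both are heuristics, not measurements.

LN2 = math.log(2)
# Leading-order constant of the General Number Field Sieve, (64/9)^(1/3).
GNFS_C = (64 / 9) ** (1 / 3)


def gnfs_work_bits(modulus_bits: int) -> float:
    """Asymptotic GNFS effort to factor an RSA modulus of the given size,
    L_n[1/3, c] = exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)), returned as log2.

    Uncalibrated (no o(1) term), so absolute numbers run a few bits above
    the usual NIST SP 800-57 figures (RSA-2048 ~ 112 bits); the difference
    between two sizes is what the comparison below relies on.
    """
    ln_n = modulus_bits * LN2
    work = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work / LN2


def private_op_cost_ratio(from_bits: int, to_bits: int) -> float:
    """Relative cost of one RSA private-key operation (sign/decrypt).

    Assumption: modular exponentiation with schoolbook big-number arithmetic,
    k-bit exponent over a k-bit modulus -> O(k^3). Real implementations (CRT,
    Karatsuba) change the constant, not the rough shape of the curve.
    """
    return (to_bits / from_bits) ** 3


def compare(from_bits: int, to_bits: int) -> dict:
    """Strength gained (bits of GNFS work) versus cost paid (times slower)."""
    return {
        "extra_security_bits": gnfs_work_bits(to_bits) - gnfs_work_bits(from_bits),
        "private_op_slowdown": private_op_cost_ratio(from_bits, to_bits),
    }


if __name__ == "__main__":
    for bits in (2048, 3072, 4096):
        print(f"RSA-{bits}: ~{gnfs_work_bits(bits):.0f} bits of GNFS work")
    r = compare(2048, 4096)
    print(f"2048 -> 4096: +{r['extra_security_bits']:.0f} bits of strength "
          f"for ~{r['private_op_slowdown']:.0f}x the private-key cost")
```

Doubling the modulus buys roughly 40 bits of extra factoring work under this estimate but costs about eight times as much per signature or decryption, which is the shape of the argument the GnuPG FAQ makes. The absolute figures from the uncalibrated asymptotic sit a few bits above the commonly quoted NIST SP 800-57 equivalents (RSA-2048 about 112 bits, RSA-3072 about 128 bits), so read the output as a relative comparison, not as a precise security level.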