On 04/28/2014 02:07 PM, Phil Pennock wrote:
> For now, if it's taken 15 years for someone keen on key signings to
> reach a 1MB limit, then I think that 8MB, covering 120 years of
> activity at such a rate, is likely to be enough for most normal mortal
> human beings. It's certainly enough to set as a limit for now,

I agree with Phil that this number is a reasonable limit for now, but i
don't agree with his back-of-the-envelope math.

in particular, many of the pre-existing OpenPGP certifications on an
older key like weasel's were certifications made by 1024-bit DSA keys.
I suspect the certifications made on weasel's new key will likely be
made by 4096-bit RSA keys. DSA signatures are (much) smaller than RSA
signatures even when of the same key length, and RSA signatures
themselves scale with keysize. So i think 8MiB is likely to be fine for
today, and we may need to update it sooner rather than later.

(hopefully in 5 years from now we will all have started a move to
stronger/shorter elliptic curve-based keys, but that transition is
likely to take a while)

Regards,
--dkg
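
The size difference discussed in the message above, as an added example that is not part of the original thread: it serializes a minimal v4 certification signature packet (RFC 4880 layout) for each signer key type and counts how many would fit in an 8 MiB limit. The MPI values, creation time and issuer key ID are constructed placeholders, the subpacket set is the assumed minimum (real certifications often carry more), and the counts ignore the key and User ID packets, so they are upper bounds.

```python
import struct

# Public-key algorithm IDs from RFC 4880 (RSA, DSA) and RFC 6637 (ECDSA).
RSA, DSA, ECDSA = 1, 17, 19
SHA256 = 8           # hash algorithm ID
GENERIC_CERT = 0x10  # signature type: generic certification of a User ID

def mpi(bits):
    """Encode a constructed, maximum-size MPI: 2-byte bit count + magnitude."""
    value = (1 << bits) - 1
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def subpacket(sp_type, data):
    """One signature subpacket with a 1-byte length (enough for short data)."""
    return bytes([len(data) + 1, sp_type]) + data

def cert_packet(pk_algo, mpi_bits):
    """Serialize a minimal v4 certification signature packet."""
    hashed = subpacket(2, struct.pack(">I", 1398700000))  # creation time (constructed)
    unhashed = subpacket(16, bytes(8))                    # issuer key ID (constructed)
    body = bytes([4, GENERIC_CERT, pk_algo, SHA256])
    body += struct.pack(">H", len(hashed)) + hashed
    body += struct.pack(">H", len(unhashed)) + unhashed
    body += b"\x00\x00"                                   # left 16 bits of the hash
    body += b"".join(mpi(b) for b in mpi_bits)
    # Old-format packet header, tag 2 (signature), 1- or 2-byte length field.
    if len(body) < 256:
        header = bytes([0x80 | (2 << 2) | 0, len(body)])
    else:
        header = bytes([0x80 | (2 << 2) | 1]) + struct.pack(">H", len(body))
    return header + body

# Signature MPIs per algorithm: DSA and ECDSA carry (r, s), RSA carries one value.
SIGNERS = {
    "DSA-1024 (160-bit q)": (DSA, [160, 160]),
    "RSA-2048": (RSA, [2048]),
    "RSA-4096": (RSA, [4096]),
    "ECDSA P-256": (ECDSA, [256, 256]),
}

def cert_sizes():
    return {name: len(cert_packet(a, bits)) for name, (a, bits) in SIGNERS.items()}

def certs_that_fit(limit_bytes):
    return {name: limit_bytes // size for name, size in cert_sizes().items()}

if __name__ == "__main__":
    fit = certs_that_fit(8 * 1024 * 1024)
    for name, size in cert_sizes().items():
        print(f"{name:22} {size:4} bytes/cert  {fit[name]:7} certs in 8 MiB")
```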
