From: Michał Górny
To: gentoo-dev@lists.gentoo.org
Cc: robbat2@gentoo.org, Michał Górny
Subject: [gentoo-dev] [PATCH 0/4] GLEP 63: clean up, and reduce key size to RSA-2048
Date: Tue, 3 Jul 2018 15:29:53 +0200
Message-Id: <20180703132957.29200-1-mgorny@gentoo.org>

Hi, everyone.

Here's a series of patches for GLEP 63 (key policies). The first three
patches are merely editorial changes. The fourth is an actual
recommended policy change.

The editorial changes are:

1. Using 'OpenPGP' instead of 'GPG' where appropriate.

2. Replacing 'RSAv4' with a more correct term.

3. Clarifying the sentence on the minimal key requirement to make it clear
   that a dedicated signing subkey is also part of it.

The policy change is changing the recommendation from RSA-4096
to RSA-2048. This does not require developers to reroll their RSA-4096
keys but aims to prevent people unnecessarily replacing RSA-2048 with
RSA-4096.

The new recommendation matches what the GnuPG FAQ suggests [1] (see 11.4,
11.5). Long story short, RSA-4096 is only a little stronger than
RSA-2048 while it is much slower. If someone really wants to use it,
sure; but generally we shouldn't be encouraging people to use it.

[1]: https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096

--
Best regards,
Michał Górny

Michał Górny (4):
  glep-0063: Use 'OpenPGP' as appropriate
  glep-0063: RSAv4 -> OpenPGP v4 key format
  glep-0063: Clarify dedicated signing subkey in minimal reqs
  glep-0063: Change the recommended RSA key size to 2048 bits

 glep-0063.rst | 44 ++++++++++++++++++++++++++++----------------
 1 file changed, 28 insertions(+), 16 deletions(-)

--
2.18.0