From: Aaron Bauman
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [PATCH 0/4] GLEP 63: clean up, and reduce key size to RSA-2048
Date: Tue, 03 Jul 2018 12:40:57 -0400
Message-ID: <5401190.UbGu1mLZpO@monkey>
In-Reply-To: <20180703132957.29200-1-mgorny@gentoo.org>

On Tuesday, July 3, 2018 9:29:53 AM EDT Michał Górny wrote:
> Hi, everyone.
>
> Here's a series of patches for GLEP 63 (key policies). The first three
> patches are merely editorial changes. The fourth is an actual
> recommended policy change.
>
> The editorial changes are:
>
> 1. Using 'OpenPGP' instead of 'GPG' where appropriate.
>
> 2. Replacing 'RSAv4' with more correct term.
>
> 3. Clarifying the sentence on minimal key requirement to make it clear
> that dedicated signing subkey is also part of it.
>
> The policy change is changing the recommendation from RSA-4096
> to RSA-2048. This does not require developers to reroll their RSA-4096
> keys but aims to prevent people unnecessarily replacing RSA-2048 with
> RSA-4096.
>
> The new recommendation matches what GnuPG FAQ suggests [1] (see 11.4,
> 11.5). Long story short, RSA-4096 is only a little stronger than
> RSA-2048 while it is much slower. If someone really wants to use it,
> sure; but generally we shouldn't be encouraging people to use it.
>
> [1]:https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096
>
> --
> Best regards,
> Michał Górny
>
> Michał Górny (4):
>   glep-0063: Use 'OpenPGP' as appropriate
>   glep-0063: RSAv4 -> OpenPGP v4 key format
>   glep-0063: Clarify dedicated signing subkey in minimal reqs
>   glep-0063: Change the recommended RSA key size to 2048 bits
>
>  glep-0063.rst | 44 ++++++++++++++++++++++++++++----------------
>  1 file changed, 28 insertions(+), 16 deletions(-)

Patches look good to me. I think now would be a good time to address other
verbiage too, e.g. recommendations should be requirements, etc.