From: Aaron Bauman <bman@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [PATCH 0/4] GLEP 63: clean up, and reduce key size to RSA-2048
Date: Tue, 03 Jul 2018 12:42:26 -0400
Message-ID: <9950822.7ybtiaU7av@monkey>
In-Reply-To: <5401190.UbGu1mLZpO@monkey>
On Tuesday, July 3, 2018 12:40:57 PM EDT Aaron Bauman wrote:
> On Tuesday, July 3, 2018 9:29:53 AM EDT Michał Górny wrote:
> > Hi, everyone.
> >
> > Here's a series of patches for GLEP 63 (key policies). The first three
> > patches are merely editorial changes. The fourth is an actual
> > recommended policy change.
> >
> > The editorial changes are:
> >
> > 1. Using 'OpenPGP' instead of 'GPG' where appropriate.
> >
> > 2. Replacing 'RSAv4' with a more correct term.
> >
> > 3. Clarifying the sentence on minimal key requirement to make it clear
> >    that a dedicated signing subkey is also part of it.
> >
> > The policy change is changing the recommendation from RSA-4096
> > to RSA-2048. This does not require developers to reroll their RSA-4096
> > keys but aims to prevent people unnecessarily replacing RSA-2048 with
> > RSA-4096.
> >
> > The new recommendation matches what the GnuPG FAQ suggests [1] (see 11.4,
> > 11.5). Long story short, RSA-4096 is only a little stronger than
> > RSA-2048 while it is much slower. If someone really wants to use it,
> > sure; but generally we shouldn't be encouraging people to use it.
> >
> > [1]: https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096
> >
> > --
> > Best regards,
> > Michał Górny
> >
> > Michał Górny (4):
> >   glep-0063: Use 'OpenPGP' as appropriate
> >   glep-0063: RSAv4 -> OpenPGP v4 key format
> >   glep-0063: Clarify dedicated signing subkey in minimal reqs
> >   glep-0063: Change the recommended RSA key size to 2048 bits
> >
> >  glep-0063.rst | 44 ++++++++++++++++++++++++++++----------------
> >  1 file changed, 28 insertions(+), 16 deletions(-)
>
> Patches look good to me. I think now would be a good time to address other
> verbiage too, e.g. recommendations should be requirements, etc.

To clarify, I think this patchset is good as it is. I can create a new
patchset with recommendations for the things I mentioned above.