[prev in list] [next in list] [prev in thread] [next in thread]
List: gnupg-devel
Subject: Re: GnuPG cryptographic defaults on the 2.2 branch
From: ilf <ilf () zeromail ! org>
Date: 2017-09-22 8:17:07
Message-ID: 20170922081707.GO6807 () zeromail ! org
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
Robert J. Hansen:
> But "it costs very little to get more margin", when our margin is
> already a factor of a *billion* stronger than it needs to be, is just a
> nonstarter. If a billion isn't enough for you, then what is?
Yes, but this is *now*. But I am arguing for the future in a dozen or
more years.
We're talking about defaults that will be used until the 2.3 release -
that might be years. (2?)
Even the last 2.2 before 2.3 will be used by distributions years after.
(3?)
People generate keys with that 2.2 that will be used for encryption
years after they are generated. (5?)
And *that* encryption should still be considered strong against attacks
at least a decade after the initial encryption, in some cases way more
than that.
That's a lot of assumptions about the future here, but I do think those
values to be reasonable. So we're deciding *now* on what should have
enough safety margin for in 20 years. Looking at the last 20, I'd rather
be safe than sorry.
> There are some very good justifications to move to RSA-3072:
Well we agree on that. :)
--
ilf
Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
-- Eine Initiative des Bundesamtes für Tastaturbenutzung
["signature.asc" (application/pgp-signature)]
_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic