Gentoo Archives: gentoo-commits

From: "Michał Górny" <mgorny@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] data/glep:master commit in: /
Date: Sun, 29 Jul 2018 20:51:10
Message-Id: 1532894846.053bd57e619706ddd0967d181daea8fbfa37d1d6.mgorny@gentoo
1 commit: 053bd57e619706ddd0967d181daea8fbfa37d1d6
2 Author: Michał Górny <mgorny <AT> gentoo <DOT> org>
3 AuthorDate: Wed Jul 4 09:55:09 2018 +0000
4 Commit: Michał Górny <mgorny <AT> gentoo <DOT> org>
5 CommitDate: Sun Jul 29 20:07:26 2018 +0000
6 URL: https://gitweb.gentoo.org/data/glep.git/commit/?id=053bd57e
7
8 glep-0063: Stop recommending DSA subkeys
9
10 There is really no technical reason to use DSA these days, and we should
11 focus on having a single recommendation. DSA keys are still permitted
12 via 'minimal' requirements.
13
14 glep-0063.rst | 18 ++++++++----------
15 1 file changed, 8 insertions(+), 10 deletions(-)
16
17 diff --git a/glep-0063.rst b/glep-0063.rst
18 index 2402c34..7f870bb 100644
19 --- a/glep-0063.rst
20 +++ b/glep-0063.rst
21 @@ -36,6 +36,9 @@ v1.1
22
23 Minimal specification has been amended to allow for ECC keys.
24
25 + The option of using DSA subkey has been removed from recommendations.
26 + The section now specifies a single recommendation of using RSA.
27 +
28 Motivation
29 ==========
30
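Review bot: The added changelog entry under v1.1 reads as if DSA is gone altogether, while the commit message states that DSA keys are still permitted via the 'minimal' requirements. Saying so in the entry would let developers with an existing DSA subkey see that they remain compliant with the minimal specification and are only outside the recommended one. A small wording point in the same line: "The option of using DSA subkey" is missing an article ("a DSA subkey").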
31 @@ -126,24 +129,19 @@ their primary key).
32 # when making an OpenPGP certification, use a stronger digest than the default SHA1:
33 cert-digest-algo SHA256
34
35 -2. Primary key type RSA, 2048 bits (OpenPGP v4 key format or later)
36 -
37 -3. The signing subkey of EITHER:
38 -
39 - a. DSA 2048 bits exactly.
40 -
41 - b. RSA 2048 bits exactly.
42 +2. Primary key and the signing subkey are both of type RSA, 2048 bits
43 + (OpenPGP v4 key format or later)
44
45 -4. Key expiry:
46 +3. Key expiry:
47
48 a. Primary key: 3 years maximum, expiry date renewed annually.
49
50 b. Signing subkey: 1 year maximum, expiry date renewed every 6 months.
51
52 -5. Create a revocation certificate & store it hardcopy offsite securely
53 +4. Create a revocation certificate & store it hardcopy offsite securely
54 (it's about ~300 bytes).
55
56 -6. Encrypted backup of your secret keys.
57 +5. Encrypted backup of your secret keys.
58
59 Gentoo LDAP
60 ===========
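Review bot: The merged item 2 drops the word "exactly" that the removed subkey option carried ("b. RSA 2048 bits exactly."), so "both of type RSA, 2048 bits" no longer says whether 2048 is a fixed size or a floor. Since the stated goal is a single recommendation, the item should say which is meant, for example by restoring "exactly" or by writing "at least 2048 bits". The parenthetical "(OpenPGP v4 key format or later)" used to qualify only the primary key; after the merge it is not clear whether it applies to the subkey as well, and a short rewording would settle that. The list is also renumbered from six items to five, so any text elsewhere in glep-0063.rst that refers to these items by number should be checked.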