Hi, everyone.

Here's a series of patches for GLEP 63 (key policies). The first three
patches are merely editorial changes. The fourth is an actual
recommended policy change.

The editorial changes are:

1. Using 'OpenPGP' instead of 'GPG' where appropriate.

2. Replacing 'RSAv4' with a more correct term.

3. Clarifying the sentence on the minimal key requirement to make it clear
that a dedicated signing subkey is also part of it.

The policy change is changing the recommendation from RSA-4096
to RSA-2048. This does not require developers to reroll their RSA-4096
keys but aims to prevent people unnecessarily replacing RSA-2048 with
RSA-4096.

The new recommendation matches what the GnuPG FAQ suggests [1] (see 11.4,
11.5). Long story short, RSA-4096 is only a little stronger than
RSA-2048 while it is much slower. If someone really wants to use it,
sure; but generally we shouldn't be encouraging people to use it.

[1]: https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096

--
Best regards,
Michał Górny

Michał Górny (4):
  glep-0063: Use 'OpenPGP' as appropriate
  glep-0063: RSAv4 -> OpenPGP v4 key format
  glep-0063: Clarify dedicated signing subkey in minimal reqs
  glep-0063: Change the recommended RSA key size to 2048 bits

 glep-0063.rst | 44 ++++++++++++++++++++++++++++----------------
 1 file changed, 28 insertions(+), 16 deletions(-)

--
2.18.0