Gentoo Archives: gentoo-dev

From: "Michał Górny" <mgorny@g.o>
To: gentoo-dev@l.g.o
Cc: robbat2@g.o, "Michał Górny" <mgorny@g.o>
Subject: [gentoo-dev] [PATCH 0/4] GLEP 63: clean up, and reduce key size to RSA-2048
Date: Tue, 03 Jul 2018 13:30:25
Message-Id: 20180703132957.29200-1-mgorny@gentoo.org

Hi, everyone.

Here's a series of patches for GLEP 63 (key policies). The first three
patches are merely editorial changes. The fourth is an actual
recommended policy change.

The editorial changes are:

1. Using 'OpenPGP' instead of 'GPG' where appropriate.

2. Replacing 'RSAv4' with a more correct term.

3. Clarifying the sentence on the minimal key requirement to make it clear
that a dedicated signing subkey is also part of it.

The policy change is changing the recommendation from RSA-4096
to RSA-2048. This does not require developers to reroll their RSA-4096
keys but aims to prevent people unnecessarily replacing RSA-2048 with
RSA-4096.

The new recommendation matches what the GnuPG FAQ suggests [1] (see 11.4,
11.5). Long story short, RSA-4096 is only a little stronger than
RSA-2048 while it is much slower. If someone really wants to use it,
sure; but generally we shouldn't be encouraging people to use it.

[1]: https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096

--
Best regards,
Michał Górny

Michał Górny (4):
  glep-0063: Use 'OpenPGP' as appropriate
  glep-0063: RSAv4 -> OpenPGP v4 key format
  glep-0063: Clarify dedicated signing subkey in minimal reqs
  glep-0063: Change the recommended RSA key size to 2048 bits

 glep-0063.rst | 44 ++++++++++++++++++++++++++++----------------
 1 file changed, 28 insertions(+), 16 deletions(-)

--
2.18.0
