| 1 |
There is really no technical reason to use DSA these days, and we should |
| 2 |
focus on having a single recommendation. DSA keys are still permitted |
| 3 |
via 'minimal' requirements. |
| 4 |
--- |
| 5 |
glep-0063.rst | 20 ++++++++------------ |
| 6 |
1 file changed, 8 insertions(+), 12 deletions(-) |
| 7 |
|
| 8 |
diff --git a/glep-0063.rst b/glep-0063.rst |
| 9 |
index ab7cb79..e81c862 100644 |
| 10 |
--- a/glep-0063.rst |
| 11 |
+++ b/glep-0063.rst |
| 12 |
@@ -35,6 +35,9 @@ v1.1 |
| 13 |
|
| 14 |
Minimal specification has been amended to allow for ECC keys. |
| 15 |
|
| 16 |
+ The option of using DSA subkey has been removed from recommendations. |
| 17 |
+ The section now specifies a single recommendation of using RSA. |
| 18 |
+ |
| 19 |
Motivation |
| 20 |
========== |
| 21 |
|
| 22 |
@@ -122,26 +125,19 @@ their primary key). |
| 23 |
# when making an OpenPGP certification, use a stronger digest than the default SHA1: |
| 24 |
cert-digest-algo SHA256 |
| 25 |
|
| 26 |
-2. Primary key type RSA, 2048 bits (OpenPGP v4 key format or later) |
| 27 |
- |
| 28 |
- This may require creating an entirely new key. |
| 29 |
- |
| 30 |
-3. Dedicated signing subkey of EITHER: |
| 31 |
- |
| 32 |
- a. DSA 2048 bits exactly. |
| 33 |
- |
| 34 |
- b. RSA 2048 bits exactly. |
| 35 |
+2. Primary key and a dedicated signing subkey, both of type RSA, 2048 bits |
| 36 |
+ (OpenPGP v4 key format or later) |
| 37 |
|
| 38 |
-4. Key expiry: |
| 39 |
+3. Key expiry: |
| 40 |
|
| 41 |
a. Primary key: 3 years maximum, expiry date renewed annually. |
| 42 |
|
| 43 |
b. Gentoo subkey: 1 year maximum, expiry date renewed every 6 months. |
| 44 |
|
| 45 |
-5. Create a revocation certificate & store it hardcopy offsite securely |
| 46 |
+4. Create a revocation certificate & store it hardcopy offsite securely |
| 47 |
(it's about ~300 bytes). |
| 48 |
|
| 49 |
-6. Encrypted backup of your secret keys. |
| 50 |
+5. Encrypted backup of your secret keys. |
| 51 |
|
| 52 |
Gentoo LDAP |
| 53 |
=========== |
| 54 |
-- |
| 55 |
2.18.0 |
Archives