1 |
On Tuesday, July 3, 2018 12:40:57 PM EDT Aaron Bauman wrote: |
2 |
> On Tuesday, July 3, 2018 9:29:53 AM EDT Michał Górny wrote: |
3 |
> > Hi, everyone. |
4 |
> > |
5 |
> > Here's a series of patches for GLEP 63 (key policies). The first three |
6 |
> > patches are merely editorial changes. The fourth is an actual |
7 |
> > recommended policy change. |
8 |
> > |
9 |
> > The editorial changes are: |
10 |
> > |
11 |
> > 1. Using 'OpenPGP' instead of 'GPG' where appropriate. |
12 |
> > |
13 |
> > 2. Replacing 'RSAv4' with more correct term. |
14 |
> > |
15 |
> > 3. Clarifying the sentence on minimal key requirement to make it clear |
16 |
> > |
17 |
> > that dedicated signing subkey is also part of it. |
18 |
> > |
19 |
> > The policy change is changing the recommendation from RSA-4096 |
20 |
> > to RSA-2048. This does not require developers to reroll their RSA-4096 |
21 |
> > keys but aims to prevent people unnecessarily replacing RSA-2048 with |
22 |
> > RSA-4096. |
23 |
> > |
24 |
> > The new recommendation matches what GnuPG FAQ suggests [1] (see 11.4, |
25 |
> > 11.5). Long story short, RSA-4096 is only a little stronger than |
26 |
> > RSA-2048 while it is much slower. If someone really wants to use it, |
27 |
> > sure; but generally we shouldn't be encouraging people to use it. |
28 |
> > |
29 |
> > [1]:https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096 |
30 |
> > |
31 |
> > -- |
32 |
> > Best regards, |
33 |
> > Michał Górny |
34 |
> > |
35 |
> > Michał Górny (4): |
36 |
> > glep-0063: Use 'OpenPGP' as appropriate |
37 |
> > glep-0063: RSAv4 -> OpenPGP v4 key format |
38 |
> > glep-0063: Clarify dedicated signing subkey in minimal reqs |
39 |
> > glep-0063: Change the recommended RSA key size to 2048 bits |
40 |
> > |
41 |
> > glep-0063.rst | 44 ++++++++++++++++++++++++++++---------------- |
42 |
> > 1 file changed, 28 insertions(+), 16 deletions(-) |
43 |
> |
44 |
> Patches look good to me. I think now would be a good time to address other |
45 |
> verbage too. e.g. recommendations should be requirements etc |
46 |
|
47 |
To clarify. I think this patchset it good as it is. I can create a new |
48 |
patchset with recommendations for the things I mentioned above. |