Policy For Sunsetting GPG Keys < 2048 Bits
Dimitri John Ledkov
xnox at ubuntu.com
Fri Nov 28 10:45:44 UTC 2014
On 27 November 2014 at 09:01, Mark Shuttleworth <mark at ubuntu.com> wrote:
> On 27/11/14 00:05, Kees Cook wrote:
>> I think we should have the same policy for PPAs, and it should follow the
>> same timeline. Additionally, we should have LP reject uploading weak keys,
>> which could happens early in the transition timeline.
>> (Seems like we should ditch DSA keys entirely, and all RSA less than 2048.)
> Are any of the ECC algorithms widely trusted yet? Seem nice and
> efficient with SSH at least.
Widely trusted - yes, widely available - not quite yet, eventually we
should support them.
My concern with ECC algorithms is smaller key sizes to match
equivalent RSA security (e.g. 224 bit ECC key ~= 2048 bit RSA key).
Which leads to requiring less quantum computing power to break ECC key
over RSA key, thus if/when quantum computing takes off ECC keys will
be broken ahead of RSA keys.
More information about the technical-board