www-community mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rich Bowen <rbo...@rcbowen.com>
Subject Re: [OpenPGP] Moving Away From DSA and SHA-1
Date Tue, 11 Aug 2009 14:09:35 GMT
Is it possible to regenerate my gpg key without losing all the  
signatures on my existing key? I presume not, but perhaps there's  
something I'm missing. I have a 1024 bit key, and would like to be  
like the cook kids, but not lose ten years of signatures.

On Aug 11, 2009, at 08:39, Robert Burrell Donkin wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> with ApacheConUS only three months away, we really need to start
> planning how apache can move away from short keys (DSA and RSA < 2048)
> and weak WOT links (SHA-1)[1]. the consensus on infra was that this is
> the best list for this discussion. if it happens to get too busy  
> then a
> new list can be created.
>
> the first step needs to be updating the documents so that new release
> managers know how to set up and use GnuPG[2] to generate keys unlikely
> to need changing in the next couple of years. i'll start a thread over
> on site dev to cover this.
>
> the first question for discussion is recommended key length. 2048 is  
> the
> minimum safe size for new keys but only just. for keys used to sign
> releases, 4096 is more credible today. 8192 bit keys are possible with
> GnuPG[3] but are fiddly and - in older tools - support may be patchy.
> going for 4096 would mean a second transition before 2015 but the next
> generation (SHA-3 and next generation of OpenPGP) should be  
> available by
> then.
>
> consensus on infra was to go for 4096 but if anyone knows any good
> reasons to go for some other value, please jump in.
>
> - - robert
>
> [1]
> http://www.jroller.com/robertburrelldonkin/entry/release_distribution_renewing_the_web
> [2] http://www.gnupg.org
> [3] http://www.jroller.com/robertburrelldonkin/entry/gnupg_8192bit_rsa_keys
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iQIcBAEBAgAGBQJKgWaEAAoJEHl6NpRAqILLzzQP/RI/ZpkauHrLMzW48lNRsmUc
> h9a4HJ1WXL6eESSbJK9rawPxrAvG/p3rbH3TTixIkwLPz8BQDuG8kxmTHn8LDlGg
> /YLZbDtgFpF3SElGn1MbzldI48DTgw/JXa4opVHi/gvSAoA72+P7td5D12YiA+6R
> Urr6I8hcDOdHRfDsXPHbu5MLh4S//vVgrdOXahLqwzwJK0GCdsjJ88RGJgPXrWfH
> abfzKY3jGUheLtIJUbQiMI2IKA5VrCK+WMXoWxnqnnxL6JDQUGXfpai5dxoRy22D
> wcv6UN+FIUF8OCBymYRXMcngwczYDkYkUyrVEjOSlnmtC4rHKq/wZGtn3VJGSCEf
> hLoSC+aZ+HLHxK5pA0ZxRs4IFhMtTijV5ng6VA1aOPW0N1ySIUd7fgAO7QpksCcL
> 84LZMAzstH48Ce2Zzrj8oJ5NLYIR531Mh0C7N/JRkUdPLTXDByvXBTJ9uRXoRw6v
> a1IexoewUxXfAcR2Yi0lVtkL9ZBVWMm/caXpSqLHKxFvQND71dWg+7UsfJR057c3
> CP5bwJIp4dANLOeYa6kj07b+Xu2ZutKBAdZWSH/u3lx1Grh3apq1gbGmdoyKyLyj
> d4px2wyB6oWS5C3ZEdAG8oy9QC1LERgnqTt7kMGMNl5j8E1AAMsPTw7laULss1S1
> itF2Nys9bJZA1dfQTx7B
> =w79Q
> -----END PGP SIGNATURE-----
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: community-unsubscribe@apache.org
> For additional commands, e-mail: community-help@apache.org
>

--
If you miss this moment
You miss your life





---------------------------------------------------------------------
To unsubscribe, e-mail: community-unsubscribe@apache.org
For additional commands, e-mail: community-help@apache.org


Mime
View raw message