multiple subkeys and key transition
Robert J. Hansen
rjh at sixdemonbag.org
Thu Dec 9 15:08:24 CET 2010
On 12/9/2010 1:14 AM, Ben McGinnes wrote:
> I am giving very serious thought to creating new keys and
> doing a (long-term) transition to them. This is partly to respond to
> known flaws with SHA-1 and take advantage of SHA-256 and higher.
My best counsel is: don't, at least not yet.
First, there are no imminent practical attacks on SHA-1. Second, the
OpenPGP Working Group ("the WG") is currently figuring out how to get
SHA-1 out of the OpenPGP spec and how to replace it with something better.
If you do a transition now, it's possible you'll want to transition
again in six months or a year once the WG updates the RFC.
I'd hold off on this, at least for now.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5598 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20101209/754b3d92/attachment-0001.bin>
More information about the Gnupg-users
mailing list