multiple subkeys and key transition
Ben McGinnes
ben at adversary.org
Thu Dec 9 17:04:34 CET 2010
On 10/12/10 1:08 AM, Robert J. Hansen wrote:
> On 12/9/2010 1:14 AM, Ben McGinnes wrote:
>> I am giving very serious thought to creating new keys and
>> doing a (long-term) transition to them. This is partly to respond to
>> known flaws with SHA-1 and take advantage of SHA-256 and higher.
>
> My best counsel is: don't, at least not yet.
Okay.
> First, there are no imminent practical attacks on SHA-1. Second,
> the OpenPGP Working Group ("the WG") is currently figuring out how
> to get SHA-1 out of the OpenPGP spec and how to replace it with
> something better.
Userful to know, can I track the WG's progress through this list or is
that done through the IETF or the OpenPGP site?
> If you do a transition now, it's possible you'll want to transition
> again in six months or a year once the WG updates the RFC.
Urgh, what a hideous thought.
> I'd hold off on this, at least for now.
Well, my current key has been perfectly fine since it's creation
nearly a dozen years ago. I'm still sufficiently sure that there is
no imminent threat, so I'm happy to just watch and wait and see what
the WG says.
Regards,
Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20101210/13f9ad94/attachment.pgp>
More information about the Gnupg-users
mailing list