what are the sub keys
Jerome Baum
jerome at jeromebaum.com
Tue Mar 22 22:22:24 CET 2011
"Robert J. Hansen" <rjh at sixdemonbag.org> writes:
> On 3/22/11 4:05 PM, Jerome Baum wrote:
>> Would you say those users would be "just fine" with RSA-4096?
>
> No. As I said, large default keys have problems in the embedded space:
> particularly, they do not work with smart cards, which are getting
> increasingly important. The previous generation of cards were generally
> RSA-1K devices. The current generation is moving towards RSA-2K.
>
> I don't think changing the defaults to something that's incompatible
> with smart cards is particularly wise.
Are you talking about the option of moving a key to a smart card?
Because if I generate it on-card, I won't have the option of
RSA-4096. And will "average Joe" really move his key to a smart card if
he generated it off card? And does that actually make any sense
considering it wasn't originally generated on-card?
So considering that the "smart card" argument only makes sense when I
generate on-card, and considering that gpg wouldn't offer RSA-4096
anyway in that case, how does this make it a bad idea to have RSA-4096
as the (recommended) default?
Obviously, if I am not using a smart card and doing other stuff on a
device that can't cope with RSA-4096 keys, then I am probably smart
enough to ignore the default, right?
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 880 bytes
Desc: not available
URL: </pipermail/attachments/20110322/b02c11a1/attachment.pgp>
More information about the Gnupg-users
mailing list