-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Nov 7, 2007, at 11:38 PM, Werner Koch wrote:

> On Wed, 7 Nov 2007 20:20, jon(_at_)callas(_dot_)org said:
>
>> Here are some things I might put in a profile:
>
> I agree with all of that except for:
>
>> * Use only RSA 4096 bit public keys
>
> it is not a real problem for a modern desktop box but for small or
> embedded devices it is not going to work. There are also no smartcards
> in the foreseeable future that will support such a key length. Before
> settling on this we should investigate ECC based algorithms.
Then pick a different size. I picked 4096 because it's big and apt to
stay viable for the foreseeable future. NIST's numbers say that 3072
is equivalent to a 128-bit key. On the other hand, I know there's
still a lot of smartcards and the like that are stuck at 2048. I
wouldn't go below 2048.
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII
wj8DBQFHMs7OsTedWZOD3gYRAtj7AKDYbvGsMs3Oy0zsF34YdkWl8qSLgQCg9QJD
ln8WMTRiKs1x2h/rGeReaRE=
=L3/p
-----END PGP SIGNATURE-----