Jonathan McDowell wrote:
> I would ask that DDs make some effort to help
> those with weak keys get their new, stronger keys signed. Please sign
> responsibly[4],

If you have signed someone's old key, is it considered "responsible" to
sign their new key based on a transition statement signed by the old
key? Or is a new face-to-face meeting required? I've seen plenty of
(sometimes conflicting) advice on signing keys of a person you have
never signed keys for before but not much on the transition situation.
(note: this is a general question to consider, I'm not personally in a
position where it would apply)
My understanding is that the NSA and similar organisations can probably
crack 1024 bit keys but the cost of doing so (assuming there hasn't been
some secret mathematical breakthrough) is likely sufficiently high that
it would be cheaper to infiltrate Debian the old-fashioned way (false
passports, putting agents through the NM process etc). Is that
understanding correct?