Hi all,
Am 24.05.2016 um 19:07 schrieb Florian Snow:
Moritz Bartl <[email protected]> writes:
Both the Yubikey4/Neo (Javacard applets) and the OpenPGP Smartcard by
Zeitcontrol support up to 4096bit RSA keys.
The Yubikey Neo support 2048 Bits and that is a key size that I am not
comfortable with. It may be ok for now, but my email from now might not
be safe in a couple of years. I don't want to risk that. I have
recently seen a key with 16K and I thought that might be overkill, but
then again, better be safe than sorry.
Keep in mind such high key lengths might be a nuisance for other people
(performance...)
Where do you keep your subkeys if you rotate, say, every 6 months?
I find it an unnecessary hassle to rotate that often. Also, I decided
against using subkeys and so I rotate the whole key. I set the key to
expire one year after creation and then I decide if it's still safe once
a year. If it is, I extend the deadline by another year.
So you're throwing away all your signatures regularly.
Best wishes
Michael
_______________________________________________
Discussion mailing list
[email protected]
https://mail.fsfeurope.org/mailman/listinfo/discussion
