Hi,
Michael Kesper <[email protected]> writes:

> Keep in mind such high key lengths might be a nuisance for other
> people (performance...)

I use 4K; I just saw another key that was 16K. I still use RSA keys because of the slight risk of quantum computers becoming usable within the next 10 years. If I understood things correctly, for those computers, only the key size matters; ECC does not make it significantly more difficult for them to break. Please correct me if I'm wrong here.

> So you're throwing away all your signatures regularly.

Not really. I keep my key for many years if it is still safe. After that, I would try the route of asking people to sign my new key by sending them an email signed with both keys.

I also don't currently collect any signatures on my key. I am still not sure it is a good idea and no one has been able to provide a good answer to me yet. The problem I see is that the recommended procedure for signing a key involves checking a government-issued ID. If the government then checks those emails, they can verify a certain email was actually written by me, and the more signatures I have, the more certain they can be that at least _someone_ checked my ID. I don't care about the social graph being exposed; it is exposed anyway if I send emails to people. But linking my key to a government-issued ID is a problem for me.

My current alternative is to just exchange key fingerprints in person. I don't check IDs when I talk to people, so with exchanging keys in person, I have the same level of security as I would have in person. This doesn't solve the problem of communicating with people who I have never met personally. I'm not sure how to solve it.

Happy hacking!
Florian

_______________________________________________
Discussion mailing list
[email protected]
https://mail.fsfeurope.org/mailman/listinfo/discussion
