On Mon, Jan 23, 2012 at 02:18:54PM +0000, Chris Poole wrote: > If the only purpose of the primary key (in my case, where I have subkeys for > signing and encryption) is to sign the subkeys, why not simply make it > stupidly > large? Equivalent to 256 bits with a symmetric cipher, or 512 bits?
Because it's also used to sign other people's keys. Using a very large key (for 256-bit equivalence, ~15kbits) makes verification so slow as to be unusable. You have to not only verify signatures on other keys but also the signatures on the subkeys. This is less of a problem with implementations that verify signatures only once and then cache the results, but most implementations do not do that. Also, there's nothing preventing people from actually signing data with the primary key, so someone who is unfamiliar with your strategy might accidentally use a single, very large key. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
signature.asc
Description: Digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users