On 26.06.2014 23:28, Paul R. Ramer wrote: > On June 26, 2014 8:26:16 AM PDT, Daniel Kahn Gillmor > <d...@fifthhorseman.net> wrote: > >> As for arguments about use on smartcards -- if you plan to get a >> smartcard, and you have a primary key that is too large for it, you >> can always generate and publish new subkeys that will fit in your >> smartcard. If that's the tradeoff that seems the most secure for >> you, that's fine, and the fact that you were using stronger keys in >> your non-smartcard implementation doesn't hurt you at all. >> Smartcards are not a good reason to object to larger keysizes for >> people who don't use smartcards. > > Actually, it is for those of us who prefer smartcards. I was once > newbie trying to use a smartcard. Repeated emphasis on having only a > 4k key can create the impression that a smartcard is not strong > enough, that it is weaker because it can only go up to 3072 bits > (depending on the card). > > The reason for me to have a smartcard was to physically separate the > key from the computer. Using a key that is too large for the > smartcard does not fit my purpose for having one.
I got an FSFE Fellowhip card and an OpenPGP SmartCard V2 from kernelconcepts.de (both were received early this year) and they both happily support 4096-bit keys. I do not know about YubiKey NEO "an experimental OpenPGP applet" though.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users