On 04/28/2014 02:07 PM, Phil Pennock wrote: > For now, if it's taken 15 years for someone keen on key signings to > reach a 1MB limit, then I think that 8MB, covering 120 years of > activity at such a rate, is likely to be enough for most normal mortal > human beings. It's certainly enough to set as a limit for now,
I agree with Phil that this number is a reasonable limit for now, but i don't agree with his back-of-the-envelope math. in particular, many of the pre-existing OpenPGP certifications on an older key like weasel's were certifications made by 1024-bit DSA keys. I suspect the certifications made on weasel's new key will likely be made by 4096-bit RSA keys. DSA signatures are (much) smaller than RSA signatures even when of the same key length, and RSA signatures themselves scale with keysize. So i think 8MiB is likely to be fine for today, and we may need to update it sooner rather than later. (hopefully in 5 years from now we will all have started a move to stronger/shorter elliptic curve-based keys, but that transition is likely to take a while) Regards, --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel