Yubikey 4 becoming non-free
floriansnow at fsfe.org
Wed May 25 03:59:38 UTC 2016
Michael Kesper <mkesper at schokokeks.org> writes:

> Keep in mind such high key lengths might be a nuisance for other
> people (performance...)

I use 4K; I just saw another key that was 16K. I still use RSA keys
because of the slight risk of quantum computers becoming useable within
the next 10 years. If I understood things correctly, for those
computers, only the key size matters, ECC does not make it significantly
more difficult for them to break. Please correct me if I'm wrong here.

> So you're throwing away all your signatures regularly.

Not really. I keep my key for many years if it is still safe. After
that, I would try the route of asking people to sign my new key by
sending them an email signed with both keys.

I also don't currently collect any signatures on my key. I am still not
sure it is a good idea and no one has been able to provide a good answer
to me yet. The problem I see is that the recommended procedure for
signing a key involves checking a government-issued ID. If the
government then checks those emails, they can verify a certain email was
actually written by me and the more signatures I have, the more certain
they can be that at least _someone_ checked my ID.

I don't care about the social graph being exposed; it is exposed anyway
if I send emails to people. But linking my key to a government-issued
ID is a problem for me.

My current alternative is to just exchange key fingerprints in person.
I don't check IDs when I talk to people so with exchanging keys in
person, I have the same level of security as I would have in person.
This doesn't solve the problem of communicating with people who I have
never met personally. I'm not sure how to solve it.