[FOSDEM] Keysigning: please submit your keys

Tom Marble tmarble at info9.net
Thu Dec 23 14:41:01 CET 2010


On 12/21/2010 09:17 AM, Philip Paeps wrote:
> The keysigning infrastructure seems to have held up well this year.  I spent
> some time today preparing the infrastructure for FOSDEM 2011.
As you are now promoting the KSP here (and on twitter)
allow me to suggest that the KSP organizers recommend
that attendees consider generating stronger 4096 RSA keys [0]
if they have not already and double check the GPG configuration
for signature strength SHA-512 [1][2][3].

In preparing for the Debconf 10 KSP [4] several resources
were assembled to help in this process [5][6].  I created a
small program, kspsig, to help verify signature strength [7].

HTH,

--Tom


[0] https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#primary-keys-should-be-dsa-2-or-rsa-2048-bits-or-m
[1] https://lists.debian.org/debian-devel-announce/2009/05/msg00005.html
[2] http://www.gnupg.org/faq/weak-digest-algos.html
[3] http://csrc.nist.gov/groups/ST/hash/statement.html
[4] http://people.debian.org/~anibal/ksp-dc10/ksp-dc10.html
[5] http://keyring.debian.org/creating-key.html
[6] http://www.debian-administration.org/users/dkg/weblog/48
[7] https://github.com/tmarble/kspsig



More information about the FOSDEM mailing list