[Pkg-gnupg-maint] Bug#739424: gnupg dies with "gpg: out of secure memory [...]" since 1.4.16-1

Werner Koch wk at gnupg.org
Tue Sep 30 07:17:02 UTC 2014


On Tue, 30 Sep 2014 06:56, schmorp at schmorp.de said:
> Werner, I find your reply disingenuous - I cannot believe that you are not
> aware that what you are writing is misleading and/or outright wrong.

Please read the FAQ and if you disagree, feel free to re-open the
discussion for yet another round on gnupg-users.  I am more than tired
of those key size matters discussions.  It is plainly wrong.  You
have to take the whole system into account and not just one aspect.  16k
keys are ridiculous and dangerous for the whole crypto environment.

> This is a strawman argument - which attacks would gnupg open itself up if
> it increased the limit to be sufficient for longer keysizes recommended

You only look at technical arguments and not at arguments regarding
usability.  Only a few 16k signatures on a lot of keys make the WoT
re-checking slow.  Having to encrypt to just one of those keys in a
multi-recipient message stops the workflow and makes people consider
switching off encryption. Maybe not on your machine but definitely on all
smaller machines.  Thus it harms the overall usability of the system
just for a few strawmen's misdirected "huge key size is better" opinion.

> You have provided zero evidence in favour of not fixing this bug, but

Marc, pretty please read the FAQ.

I won't continue to discuss this here anymore.  Sorry.  My time is too
precious for repeating the same arguments over and over again.  Go to
gnupg-users and you will find a lot of people who have enough time to
discuss this with you.

I am sorry, that some keys broke due to the recent security update.  The
reason why it was possible to create such keys in the first place was
actually a bug in GnuPG which didn't limit the keysize when generating
it from a parameters file.  These are all expert options and if you are
an expert it is plausible to assume that an expert knows how to evaluate
security.


Shalom-Salam,

   Werner


ps.
> you do not want fix this bug, keeping keysizes in gnupg arbitrarily low
> for your own private reasons.

I do not know whether or what you want to imply with that claim.  It
sounds quite insulting, though.

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


