[Pki-clean-room-devel] a few questions
Elizabeth Ferdman
gnudevliz at gmail.com
Thu Dec 8 04:00:02 UTC 2016
On Wed, Dec 07, 2016 at 04:01:18PM -0700, Sean Whitton wrote:
> Hello Ana,
>
> On Wed, Dec 07, 2016 at 12:43:31PM -0800, Elizabeth Ferdman wrote:
> > For now I'm just going to make everything RSA and 2048.
>
> Why not 4096 bits?
>
Hey Sean,
Thanks for your reply. (It's Elizabeth not Ana) I will leave it up to
the user to decide, but I can put a hint that says either 2048 or 4096.
I know Daniel Pocock (one of the mentors for this project) wrote a blog
post about this topic in the link below. Ultimately the user should
decide since they'll be using the key for a specific purpose and with
specific smartcard and smartcard reader.
https://danielpocock.com/rsa-key-sizes-2048-or-4096-bits
> > I know what the signing and encryption keys are but I'm not sure about
> > what the authentication key does yet.
>
> In addition to signing and encrypting, the two other capabilities a key
> can have are certification, for signing other people's keys, and
> authentication, for use as an SSH private key (and possibly other
> things, but this is the only use of an authentication subkey I've heard
> of).
>
Ok got it.
> --
> Sean Whitton
> _______________________________________________
> PKI-Clean-Room-Devel mailing list
> PKI-Clean-Room-Devel at lists.alioth.debian.org
> https://lists.alioth.debian.org/mailman/listinfo/pki-clean-room-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pki-clean-room-devel/attachments/20161207/c93d67e2/attachment.sig>
More information about the PKI-Clean-Room-Devel
mailing list