Received: by 2002:ac0:e350:0:0:0:0:0 with SMTP id g16csp2646298imn; Tue, 2 Aug 2022 10:32:15 -0700 (PDT) X-Google-Smtp-Source: AA6agR6xeP5w3HH+2c6PWFqfhXyq4WhhWTNCUHkWiJhbe+Zn8El7a8/0cUbMBwOnTFJ2o/o92kAW X-Received: by 2002:a17:907:2d0b:b0:730:63dd:748e with SMTP id gs11-20020a1709072d0b00b0073063dd748emr10968743ejc.307.1659461534694; Tue, 02 Aug 2022 10:32:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659461534; cv=none; d=google.com; s=arc-20160816; b=kqPQ9V/qgpdYzkfT3pDdXf2XIKkYVeIAD2HcTHs8GhbTub/uwDE2S65bF2APFuUTm0 J5/xhliPo9+8yNdFV7uIGx0/59QUj257LVh6Qc8JE/+piMtALvTIndLQQvwWX2NVduYn z25GS+AQQkYEMJrGvbSUCcbVZ014tBzBzUzOEzz6Vms9SgWttiwA4foygg5/z/qZDyDG KRuBNwf1Jutut4trzu3FuXXawh0vTk6N3InCTX4qgxD2V1I/MaFGWwrSuiOP3ofUCsny lzxqDERk4WnnR54ChoGGML1PlK/bNhpoNNKp/GjHCpOTbLSu1JZc0gywDY5ECp7JmqWh OsqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=e6NijbvqJl8I0P3m6XHrZ81f2mOc7XtHT6+K/U+OWxY=; b=Hnb1Ed3Ixno3P0woR3BkU4iVeoteGNAFOXbrcvH+ssxnYlu23XXY1jbTacQzSGY3AV hdv7eVAiCAkJbd71HtYIXXwRyqbJ4f4qUS1rjrbfoHNSTXLE16KtxBohS4/SHaLyn7qW uikEQFBuym26oVyhrtqNHmEEJfMsGNWUkR7AYK8wRiPaePXP5vfTj21e1arEbEkRgTsM 9va2sY1Bs8lhwlKDafJ4UeY2JYy/KV2X4DcI4g/jxDaX6W4NgepU0JUEA6pDz709T0JI 5MrHQqkuxsTqDNtOpNCBBdBd/9nOIHNCmxAINTA/fBzz8YymI+ixOUKtz6CbhqtS/3EW t5Ow== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=google header.b=DsXX8JrT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id hy24-20020a1709068a7800b0073060ad1583si2275174ejc.884.2022.08.02.10.31.50; Tue, 02 Aug 2022 10:32:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=google header.b=DsXX8JrT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233438AbiHBRQV (ORCPT + 99 others); Tue, 2 Aug 2022 13:16:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46764 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230280AbiHBRQT (ORCPT ); Tue, 2 Aug 2022 13:16:19 -0400 Received: from mail-qk1-x735.google.com (mail-qk1-x735.google.com [IPv6:2607:f8b0:4864:20::735]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 326971B797 for ; Tue, 2 Aug 2022 10:16:18 -0700 (PDT) Received: by mail-qk1-x735.google.com with SMTP id o1so11085445qkg.9 for ; Tue, 02 Aug 2022 10:16:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linuxfoundation.org; s=google; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc; bh=e6NijbvqJl8I0P3m6XHrZ81f2mOc7XtHT6+K/U+OWxY=; b=DsXX8JrT5LsPXdsw++Wlq0MCRC1wxpg01IFPY/k1QbzXqA/zirsGJH9qqfYIXPQL4G 10+koW0tw14F0n15lu2K/eA7v7I0F2k2wGhSCYlIw0eX1EuE9zPn7XJS7e3TvicvP8Gf ThcV7QAalbemYLI74l6jesYmSS0Rl/fH5O8F0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc; bh=e6NijbvqJl8I0P3m6XHrZ81f2mOc7XtHT6+K/U+OWxY=; b=wldmwKb3UsY2vL3kq1CcRdFxh0jipxLVu0mc1PsSTHzCpzCP+lqg7c6Kb9EG61ZO2/ B34WMupvsXsSduTNYBsWtQnWHREt/KSdoAO2WcSfC4GArCs1j9+P09Y347AnpnPvnfFb lXeoEDzaoODZQU1AQ+N6BjcnZrPp/rhFK03r0J/cwDFOtJDqjuD6rC/kd2PyK+6SrPdB vedXQ+1M4eP/nO3aa1tjK2RkSu9LDGBknY88pUqBRAHzVvGbML+qIpUloVicD+dKeFl2 VFq4g5q3LrSrAGyslKck6mleniRiImvZ+a/8JtJ74zW5hfo+GHMLP9imXU+s5IGlrhT0 M+Ow== X-Gm-Message-State: AJIora/+NuKxHrLZwVTEtrHhoyjdqc4TbUedvZswcutBzIXcvaMJhrye JnzUrZaCPpvluxm03FyosbJttQ== X-Received: by 2002:a05:620a:1926:b0:6b8:3f1f:fcd9 with SMTP id bj38-20020a05620a192600b006b83f1ffcd9mr15658943qkb.443.1659460577286; Tue, 02 Aug 2022 10:16:17 -0700 (PDT) Received: from nitro.local (host-142-67-156-76.public.eastlink.ca. [142.67.156.76]) by smtp.gmail.com with ESMTPSA id t22-20020ac87396000000b0031ec44aa37bsm9035499qtp.93.2022.08.02.10.16.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 02 Aug 2022 10:16:16 -0700 (PDT) Date: Tue, 2 Aug 2022 13:16:14 -0400 From: Konstantin Ryabitsev To: Bagas Sanjaya Cc: Jonathan Corbet , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org Subject: Re: [PATCH v1 3/5] maintainer-pgp-guide: update ECC support information Message-ID: <20220802171614.qrcs7aowhqtd7egj@nitro.local> References: <20220727-docs-pgp-guide-v1-0-c48fb06cb9af@linuxfoundation.org> <20220727-docs-pgp-guide-v1-3-c48fb06cb9af@linuxfoundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jul 29, 2022 at 04:11:26PM +0700, Bagas Sanjaya wrote: > > - If for some reason you prefer to stay with RSA subkeys, just replace > > - "ed25519" with "rsa2048" in the above command. Additionally, if you > > - plan to use a hardware device that does not support ED25519 ECC > > - keys, like Nitrokey Pro or a Yubikey, then you should use > > - "nistp256" instead or "ed25519." > > + Note, that if you plan to use a hardware device that does not > > + support ED25519 ECC keys, you should choose "nistp256" instead or > > + "ed25519." > > > > nistp256 isn't just ECC key algo other than ed25519. In fact, it is a > part of NIST curve family (the others are nistp384 and nistp521). > > Maybe we can just say "If unsure, or if your hardware device does not > support ED25519, use one of NIST curves (nistp256, nistp384, or nistp521) > instead". Hm... ED25519 is the default for GnuPG 2.3+, so I'm not sure it makes sense to go into this level of detail here. Folks who are likely to need to use NIST curves will probably already know this information without needing to list it in this guide. As far as I can recall, TPMs and older Nitrokey Pros are some of the few remaining devices that can't do ed25519, so the number of people who would need to use NIST curves will likely be super small. -K