I have generated a new OpenPGP key that I will start migrate over to immediately, however, I do not really expect to revoke my current keys within the next few years for reasons found below. But before getting into that - the new key info. As per my usual setup the encryption subkey has a one year expiry. (I've also updated the keys 0x16E0CF8D6B0B9508 and 0x0B7F8B60E3EDFAE3 with new encryption subkeys for next year)

*pub 521E/43FE956C542CA00B created: 2012-10-07 expires: never usage: SC
sub 521e/063FC02F1BFDEAA8 created: 2012-10-07 expires: 2013-12-30 usage: E
*

**Why do I expect such a long migration path? **

This key is an Elliptic Curve Public key following RFC6637. It is using a NIST curve of an ECC strength that is 521 bits, which relative to an RSA key should be about 15,360 bits. My RSA key that is this length apparently isn't supported in newer versions of GnuPG (version 2.1, that is using GPG Agent for storing the secret keys)

Currently the only implementation I'm familiar with that accept ECC keys is GnuPG 2.1, which is still in Beta. The SKS keyservers handle this type of key since version 1.1.4 and the sub-pool hkp://subset.pool.sks-keyservers.net require servers to be at this version, and is as such ECC safe .

The new key might also turn out to be replaced if we get an OpenPGP standard of versions 5 within a reasonable timeframe. Until then, contact me using whichever key you want - as long as you consider the value of your own privacy and is using one of them.

>> It is using a NIST curve of an ECC strength that is 521 bits,

Arend those NIST curves already compromised by NSA?

Most speculation on NIST having been affected by the NSA is regarding the random number generator EC_Dual_DBRG, not the curves themself. But the Prime curves are indeed under a bit of additional scrutiny these days (e.g. http://cr.yp.to/talks/2013.05.31/slides-dan+tanja-20130531-4x3.pdf ) so I might consider switching to e.g. the updates of the ed25519 curves by DBG that are discussed in e.g. http://silentcircle.wordpress.com/2013/09/30/nncs/ if an amendment to OpenPGP using them gets available.

Take a look at this project for safe curves http://safecurves.cr.yp.to/

Indeed familiar with that site, it is a very good collection of information ðŸ™‚ It wouldn't surprise me if we see alternatives to the NIST curves in the OpenPGP standard going forwards.