[garrettr_]

> You are saying that if one part of your trust chain is limited to a certain security level, then it makes no sense to make any part stronger.

Security is only as strong as the weakest link. My argument is that if your adversary is powerful enough to factor an RSA-2048 bit key (but cannot factor an RSA-4096 bit key), then it is likely they would also be powerful enough to compromise your data via one of the "weaker links" that I described, rendering the stronger key worthless.

I am not saying that it makes no sense to make any part stronger, just reminding you that crypto is not magic security dust and bigger keys don't necessarily make you safer in the context of an exploitable endpoint environment.

The goal of this final part was to reinforce my argument that the security benefits of using a smartcard outweigh the benefits of using larger RSA keys, and so I am encouraging the use of a Yubikey as a GPG smartcard despite the limitation of only allowing up to 2048-bit keys. Hopefully they will support larger keys and/or ECC in the future and we can all switch to that when it is available.