The key size warning
Janusz A. Urbanowicz
alex at bofh.torun.pl
Wed Mar 27 16:05:01 CET 2002
Michael Young wrote/napisał[a]/schrieb:
-- Start of PGP signed section.
> > From: "Robert J. Hansen" <rjhansen at inav.net>
> >
> > 768-bit keys should, IMO, flag a warning about "This key is far below
> > the recommended keysize". But that's it.
>
> I agree. If I *really* want a smaller key, despite the warning,
> why should it be GnuPG's job to prevent me? I can buy the
> argument that some programs should protect the incurably stupid,
> but GnuPG is just chock-full of options that can be horribly misused
> already. A protectionist policy seems out of place.
I have to disagree.
It depends on who you are protecting. If you are dealing with people who can
do a realistic risk assessment. But as long as we aim for getting PGP/GPG
more popular, it means that people who are unable to do so (casual users)
will use the software. Thus the software should take precautions to protect
them, by assuming reasonably secure defaults, and with protecting them from
doing stupid mistakes.
While I don't like adding YA commandline option to gpg, a option
--expert-mode allowing to do 'stupid things' seems reasonable in the
context.
Alex
--
C _-=-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling | | *
; (_O : +-------------------------------------------------------------+ --+~|
! &~) ? | Płynąć chcę na Wschód, za Suez, gdzie jest dobrem każde zło | l_|/
A ~-=-~ O| Gdzie przykazań brak dziesięciu, a pić można aż po dno; | |
More information about the Gnupg-devel
mailing list