The key size warning
David Shaw
dshaw at jabberwocky.com
Wed Mar 27 01:15:02 CET 2002
On Tue, Mar 26, 2002 at 06:31:41PM -0500, Michael Young wrote:
> > From: "Robert J. Hansen" <rjhansen at inav.net>
> >
> > 768-bit keys should, IMO, flag a warning about "This key is far below
> > the recommended keysize". But that's it.
>
> I agree. If I *really* want a smaller key, despite the warning,
> why should it be GnuPG's job to prevent me? I can buy the
> argument that some programs should protect the incurably stupid,
> but GnuPG is just chock-full of options that can be horribly misused
> already. A protectionist policy seems out of place.

I agree that if a user wants to do something stupid, they should be
allowed to (with appropriate warnings). Still, it's in the OpenPGP
spec that applications shouldn't generate keys smaller than 768 bits.
It's a SHOULD, and not a MUST, but it's there.

I'd say disallow it unless the user sets the --expert flag. By
setting that, the user is swearing they won't blame GnuPG for not
protecting them :)

David
--
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson