The key size warning

David Shaw dshaw at
Wed Mar 27 17:22:02 CET 2002

On Wed, Mar 27, 2002 at 03:50:13PM +0100, Janusz A. Urbanowicz wrote:
> Michael Young wrote/napisał[a]/schrieb:
> -- Start of PGP signed section.
> > > From: "Robert J. Hansen" <rjhansen at>
> > >
> > > 768-bit keys should, IMO, flag a warning about "This key is far below
> > > the recommended keysize".  But that's it.
> > 
> > I agree.  If I *really* want a smaller key, despite the warning,
> > why should it be GnuPG's job to prevent me?  I can buy the
> > argument that some programs should protect the incurably stupid,
> > but GnuPG is just chock-full of options that can be horribly misused
> > already.  A protectionist policy seems out of place.
> I have to disagree.
> It depends on who you are protecting. If you are dealing with people who can
> do a realistic risk assessment. But as long as we aim for getting PGP/GPG
> more popular, it means that people who are unable to do so (casual users)
> will use the software. Thus the software should take precautions to protect
> them, by assuming reasonably secure defaults, and by protecting them from
> making stupid mistakes.
> While I don't like adding YA commandline option to gpg, an option
> --expert-mode allowing to do 'stupid things' seems reasonable in the
> context.

There is already an --expert in 1.0.7.  It controls whether a user is
allowed to sign a revoked key, sign a revoked uid, sign an expired
key, add multiple photo IDs to a key and add a photo ID to a PGP
2.x-style key.  All things that probably shouldn't happen unless the
user knows what they are doing.

It seems reasonable to use it for allowing really small keysizes as
well.  In any case, the RFC discourages ("SHOULD NOT") sizes smaller
than 768.


   David Shaw  |  dshaw at  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

More information about the Gnupg-devel mailing list