Make --enable-dsa2 the default?

Philipp Schafft lion at
Sun May 17 15:38:32 CEST 2009


On Sun, 2009-05-17 at 14:07 +0200, Werner Koch wrote:
> Hi!
> Now that GnuPG key generation defaults to RSA keys, we may want to make
> the option --enable-dsa2 the default.  The man page currently reads:
> [...]

> Folks not using the default parameters for a new key can be expected to
> know what they are doing and thus --enable-dsa2 should not get into
> their way.  There will be warning anyway.
> Opinions?

wouldn't that also change the behavor on old 1024 bit DSA keys? If I
upgrade to a newer GnuPG and have for example set SHA256 as default (for
example with a RSA signing subkey) digest wouldn't that result the
SHA256 cert sigs as well with all known problems?

 (Rah of PH2)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: </pipermail/attachments/20090517/3c6a1848/attachment.pgp>

More information about the Gnupg-devel mailing list