Make --enable-dsa2 the default?

Philipp Schafft lion at lion.leolix.org
Sun May 17 15:38:32 CEST 2009


reflum,

On Sun, 2009-05-17 at 14:07 +0200, Werner Koch wrote:
> Hi!
> 
> Now that GnuPG key generation defaults to RSA keys, we may want to make
> the option --enable-dsa2 the default.  The man page currently reads:
> [...]

> Folks not using the default parameters for a new key can be expected to
> know what they are doing and thus --enable-dsa2 should not get into
> their way.  There will be a warning anyway.
> 
> Opinions?

Wouldn't that also change the behavior on old 1024 bit DSA keys? If I
upgrade to a newer GnuPG and have for example set SHA256 as default (for
example with an RSA signing subkey) digest, wouldn't that result in
SHA256 cert sigs as well, with all known problems?


-- 
Philipp.
 (Rah of PH2)