DSA2 default status
dshaw at jabberwocky.com
Wed Nov 18 15:47:47 CET 2009
The default for DSA2 in GPG is currently "off" - that is, by default, we fix the size of a DSA key at 1024 bits, and the q size (to specify the hash) at 160 bits. We've supported DSA2 since mid-2006 (v1.4.4 - a year later in GPG2: v2.0.7), but it has always been restricted behind a --enable-dsa2 option to prevent people from shooting themselves and others in the foot by making keys that could not be widely used. By passing --enable-dsa2, they "opt-in" to that risk, and can generate whatever key type they like.
Proposal: I think it's time to make --enable-dsa2 the default. It's been supported for 3 years in GPG and almost as long in PGP. Plus, the DSA key type is no longer the default in GPG anyway - it takes an explicit decision by a user to use DSA in the first place, which acts as the "opt-in".
More information about the Gnupg-devel