DSA keys limited to 3072 bits in GnuPG -- should have harder failure mode?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Sep 29 16:33:36 CEST 2010
On 09/29/2010 04:44 AM, Werner Koch wrote:
> On Tue, 28 Sep 2010 19:23, dkg at fifthhorseman.net said:
>> in writing up a little benchmarking script, i noticed that DSA keys are
>> limited to 3072 bits max.
>
> That is per FIPS 186-3.
>
>> The attached patch is a proposal to fail hard in this situation.
>
> Which would break a couple of frontends.

frontends which currently silently fail to meet their users' requests
and proceed anyway?

> This also allows us to
> silently allow larger keys once it has been defined

at that point, you would presumably move the upper limit in the same
lines affected by the patch.

> - despite that
> nobody will ever use DSA keys > 3072.

:) So why not explicitly fail when people ask for them?