[Announce] GnuPG 2.2.1 released
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Sep 19 22:55:59 CEST 2017
On Tue 2017-09-19 17:37:51 +0200, ilf wrote:
> Is there a reason the changes defaulting to 3072-bit RSA keys [1] and
> AES-256 [2] from refs/heads/master did not make it into
> refs/heads/STABLE-BRANCH-2-2?
>
> 1. https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=909fbca19678e6e36968607e8a2348381da39d8c
> 2. https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=73ff075204df09db5248170a049f06498cdbb7aa
>
> I would really love to see these changes in wide use - and I fear
> waiting for 2.3 will push this back for years for many users.
I agree that these adjustments to the defaults should be made in the 2.2
branch. The defaults for 2.2 are likely to be with us for many years,
so we need to be thinking about the future security landscape. they are
not particularly radical changes to the defaults, but they give an
increased security margin, which we should take.
We're shipping these changes (plus some others) in the Debian packaging
for 2.2, fwiw.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: </pipermail/attachments/20170919/6aedb102/attachment.sig>
More information about the Gnupg-devel
mailing list