GnuPG cryptographic defaults on the 2.2 branch

Robert J. Hansen rjh at sixdemonbag.org
Thu Sep 21 18:56:56 CEST 2017


> I am merely asking for more safety
> margin, which comes at little to no cost.

And the proper response to this is, "absolutely not".  *Why* we add more
margin is as important as the margin itself.

There are some very good justifications to move to RSA-3072:

	* Compliance with NIST guidance
	* Raising the minimum estimated work factor to 2**127
	* User demand
	* Etc., etc.

But "it costs very little to get more margin", when our margin is
already a factor of a *billion* stronger than it needs to be, is just a
nonstarter.  If a billion isn't enough for you, then what is?


