Nullify's GnuPG 1.0.7 Release 2

Werner Koch
Fri May 3 08:35:01 2002

On Thu,  2 May 2002 16:45:38 -0500, Keith Ray said:

> * SHA-2 Clearsignature - allows clearsigned messages with SHA-2

There is no other implementation using SHA-256, so you using this you
will only foster interoperabilty problems.  There is a reason that we
changed the default algorithms used by GnuPG to those which are not
marked as OPTIONAL in rfc2440. 

GnuPG 1.1 will have a SHA-256ff but won't use it by default to
generate messages.

>   - Enables GPG to generate RSA v3 keys

As already said, v3 keys do have minor security problems.

>   - Enables GPG to generate RSA v4 sign and encrypt keys

One should not use the same key for signing and encryption.