Nullify's GnuPG 1.0.7 Release 2
Keith Ray
keith@nullify.org
Fri May 3 17:34:01 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Quoting Werner Koch <wk@gnupg.org>:
> On Thu, 2 May 2002 16:45:38 -0500, Keith Ray said:
>
> > * SHA-2 Clearsignature - allows clearsigned messages with SHA-2
>
> There is no other implementation using SHA-256, so you using this you
> will only foster interoperabilty problems. There is a reason that we
> changed the default algorithms used by GnuPG to those which are not
> marked as OPTIONAL in rfc2440.
>
> > - Enables GPG to generate RSA v3 keys
>
> As already said, v3 keys do have minor security problems.
>
> > - Enables GPG to generate RSA v4 sign and encrypt keys
>
> One should not use the same key for signing and encryption.
Nothing in the Nullify release forces the user to do any of these
things. In fact, they would have to go out of their way to do so.
Since SHA-256/384/512 is not the default hash, a user would have to
explicitly change their algorithm preferences after key creation or
force its use on the command line. Generating RSA v3 keys or RSA v4
sign+encrypt keys can only be done with the --expert option. The reason
I created the Nullify release was to give the USER the option to use the
algorithms and features he/she wants.
-- Keith
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (MingW32) - GPGshell v2.28
iD8DBQE80q3TBxrjkHkmmhIRAv17AJ9s6Is38HX827PRuhJEab8yVt2G3wCfeNcb
VdDua4GBoFFjlpS59jRhVa8=
=Mi/y
-----END PGP SIGNATURE-----