Nullify's GnuPG 1.0.7 Release 2

Len Sassaman
Fri May 3 17:48:02 2002

On Fri, 3 May 2002, Werner Koch wrote:

> On Thu,  2 May 2002 16:45:38 -0500, Keith Ray said:
> > * SHA-2 Clearsignature - allows clearsigned messages with SHA-2
> There is no other implementation using SHA-256, so you using this you
> will only foster interoperabilty problems.  There is a reason that we
> changed the default algorithms used by GnuPG to those which are not
> marked as OPTIONAL in rfc2440.

I do think that understanding SHA-256 and SHA-512 is a good thing,
however. At some point, I expect DSS to be expanded to use larger key
sizes with the new hashes. It would be nice to have some support in the
existing versions.

> GnuPG 1.1 will have a SHA-256ff but won't use it by default to
> generate messages.


> >   - Enables GPG to generate RSA v3 keys
> As already said, v3 keys do have minor security problems.

I do really wish that PGP 5/OpenPGP had simply broken backwards
compatibility with them.

> >   - Enables GPG to generate RSA v4 sign and encrypt keys
> One should not use the same key for signing and encryption.

Agreed -- this is a Bad Thing. What is the reason for wanting this?