Nullify's GnuPG 1.0.7 Release 2
Len Sassaman
rabbi@quickie.net
Fri May 3 17:48:02 2002
On Fri, 3 May 2002, Werner Koch wrote:
> On Thu, 2 May 2002 16:45:38 -0500, Keith Ray said:
>
> > * SHA-2 Clearsignature - allows clearsigned messages with SHA-2
>
> There is no other implementation using SHA-256, so you using this you
> will only foster interoperabilty problems. There is a reason that we
> changed the default algorithms used by GnuPG to those which are not
> marked as OPTIONAL in rfc2440.
I do think that understanding SHA-256 and SHA-512 is a good thing,
however. At some point, I expect DSS to be expanded to use larger key
sizes with the new hashes. It would be nice to have some support in the
existing versions.
> GnuPG 1.1 will have a SHA-256ff but won't use it by default to
> generate messages.
Good.
> > - Enables GPG to generate RSA v3 keys
>
> As already said, v3 keys do have minor security problems.
I do really wish that PGP 5/OpenPGP had simply broken backwards
compatibility with them.
> > - Enables GPG to generate RSA v4 sign and encrypt keys
>
> One should not use the same key for signing and encryption.
Agreed -- this is a Bad Thing. What is the reason for wanting this?
--Len.