Questions about generating keys

John Clizbe JPClizbe at tx.rr.com
Wed Aug 22 22:34:50 CEST 2007


Oskar L. wrote:
> 
> I can't understand why RSA isn't the default. The only argument defending
> DSA I've heard is that DSA creates smaller signatures. Is this really so
> important to people that they are willing to give up all the benefits of
> RSA for it?

"Business reasons" ever come up as a rationale? RSA was patent encumbered until
Sept. 2000. To include RSA, NAI would of had to have given RSADSI a license to
freely redistribute PGP - not exactly in their (NAI's) best interests.

Patent issues were still around when RFC 2440 was being drafted, hence RSA and
IDEA being deprecated.

Maybe reading some history of modern cryptography would help.

See this FAQ from circa 1999 (Dated but historically accurate):
	http://www.scramdisk.clara.net/pgpfaq.html#SubOpenPGP
	http://www.scramdisk.clara.net/pgpfaq.html#SubRSAREF

> I understand, but surely an RSA keypair must be such a common thing
> that it could have it's own option? What I find really strange is that
> the archives mention a sixth option, "(6) RSA (sign and encrypt)", but
> version 1.4.6 gives me:
> 
> Please select what kind of key you want:
>    (1) DSA and Elgamal (default)
>    (2) DSA (sign only)
>    (3) DSA (set your own capabilities)
>    (5) RSA (sign only)
>    (7) RSA (set your own capabilities)
> 
> Why was the sixth option removed?

Cause it's covered by 7? There are so many possible combination of key/subkey
capabilities that listing all of then would make the menu far too long.

> 
> Alex wrote:
>> Yes, common sense. if you submit your key to a keyserver, there
>> should be some way to distinguish your key from hundreds of
>> other having the same short name, when searching for a key.
> 
> Sorry, I forgot to say that I don't use any keyservers. Only my
> friends can get my private e-mail address and "private" public key.

Relying on the 'highly effective" Security via Obscurity model, huh?

There's no guarantee that your key won't end up on a keyserver nor is there one
that your "private" email address won't leak into the public,


-- 
John P. Clizbe                      Inet:   John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?"        / "two words: good decisions."
"what's the key to good decisions?" /  "one word: experience."
"how do i get experience?"          / "two words: bad decisions."

"Just how do the residents of Haiku, Hawai'i hold conversations?"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20070822/f515470d/attachment-0001.pgp 


More information about the Gnupg-users mailing list