Can you clarify when data compression is used?
David Shaw
dshaw at jabberwocky.com
Tue Feb 5 17:17:38 CET 2008
On Mon, Feb 04, 2008 at 11:12:02PM -0600, Robert J. Hansen wrote:
> I suspect--although I do not know--that a similar motivation drove
> GnuPG's decision to leave DSA-1024 as the standard.
That's basically the reason. While GPG fully supports DSA2 signatures
today, there are a large installed base that cannot handle them.
Because of this, we decided to fully accept DSA2 keys and signatures
from elsewhere, but won't generate a new DSA2 key unless the user opts
in with --enable-dsa2.
> Now that RFC4880 has come out, supplanting RFC2440, I imagine the way is
> clear to make all new keys DSA-2048 or DSA-3072. After all, now it's
> part of the standard.
The way is clear, and we'll get there eventually, but the installed
base is still pretty old. Using --rfc4880 or --openpgp does enable
DSA2, but the default is still off.
David
More information about the Gnupg-users
mailing list