Are DSA2 signing keys backwards compatible?

David Shaw dshaw at
Mon Feb 11 05:58:57 CET 2008

On Sun, Feb 10, 2008 at 09:51:03PM -0600, Robert J. Hansen wrote:
> David Shaw wrote:
>> This is not how it works.  There is nothing becoming de-facto here.
>> Longer DSA keys are the de-jure standard today, and people are just
>> going to have to upgrade.
> I think that's reversed: DSA2 is quickly becoming a de facto standard, but 
> it is not a de jure standard.
> De facto: "in fact".  De jure: "in law".  De jure standards exist on paper 
> but are not respected, de facto standards exist in reality but may not 
> exist on paper.
> If I am mistaken as to what you meant to say, please correct me.  :)

I really did mean what I said.  De jure doesn't mean it exists on
paper and is not respected.  It just means it exists on paper, period.
As you say, "in law".  RFC-4880 is the published OpenPGP standard, and
it specifies DSA2.  Thus, de jure.

It will take some time for the "facts" to catch up with the "law"
here.  Hence the need for people to upgrade.


More information about the Gnupg-users mailing list