list of OpenPGP implementations [was: Re: Changing GPG's default key type?]
dshaw at jabberwocky.com
Fri Jul 31 06:22:52 CEST 2009
On Jul 30, 2009, at 10:06 PM, Robert J. Hansen wrote:
>> Is that an example of a potential problem implementation? Note
>> that the McAfee product does support RSA (not surprising, given its
> I don't know.
> There are a wide number of implementations with various degrees of
> conformance, RFC4880 is fairly new and there's no guarantee vendors
> have caught up with it, old systems continue to be used despite our
> wishes (look at how many 6.5.8 users are out there), and so forth
> and so forth.
RSA was not added in RFC-4880. It dates back to PGP 5 (1997-ish), and
was first formalized (in the RFC sense) in RFC-2440 in 1998. It's
been in a RFC for 10+ years now. Of course, it's been optional for
all that time as well.
Your comment is similar to the logic that we used when deciding about
making the RSA the new default key type: DSA-1024 wasn't cutting it
any longer for both length reasons and also the inability to use
larger hashes as it is locked to 160 bits (SHA-1 / RIPEMD160). The
two best options we saw were either DSA2 by default (required by the
spec, but only added in RFC-4880 and so not as widely supported as
RSA), or RSA (not required by the spec, but very widely supported). A
major reason we didn't choose DSA2 was because it wasn't widely
supported enough. It turned out later that the PGP people made the
same decision for their product, and I actually found one product that
supports RSA but not DSA (yes, I know that makes them noncompliant,
but nevertheless they do exist).
Security (actually most things in engineering) is about balancing
various competing interests and issues. Personally, I weigh the
ability to use a larger key with a larger hash more than I do the
knowledge that I might find some implementation that doesn't like my
key someday (I haven't actually found such an implementation yet, but
such an implementation could be written and be perfectly OpenPGP
compliant). Others may not weigh things the same way, and GnuPG
serves them as well - they can create whatever key type works for
their particular balance.
Incidentally, a nice side benefit of RSA is the ability to store a key
on a smartcard. I wasn't a major fan of the previous generation of
cards as you couldn't easily carry it with you unless you knew you had
a smartcard reader where you were going. The new cards can be punched
for use in a SIM type reader, so the card plus the reader is the same
size as a USB "thumb drive" stick. The smaller form factor makes a
dramatic improvement in the user experience for me.
More information about the Gnupg-users