list of OpenPGP implementations [was: Re: Changing GPG's default key type?]

Robert J. Hansen rjh at
Fri Jul 31 06:35:37 CEST 2009

> RSA was not added in RFC-4880.  It dates back to PGP 5 (1997-ish),  
> and was first formalized (in the RFC sense) in RFC-2440 in 1998.   
> It's been in a RFC for 10+ years now.  Of course, it's been optional  
> for all that time as well.

Yes; it was more a general statement about why when talking about  
general interoperability with unknown clients I avoid optional bits or  
bits newly-added to the standard, rather than a statement about RSA's  
support in PGP.

> Personally, I weigh the ability to use a larger key with a larger  
> hash more than I do the knowledge that I might find some  
> implementation that doesn't like my key someday (I haven't actually  
> found such an implementation yet, but such an implementation could  
> be written and be perfectly OpenPGP compliant).

Generally, I agree with you.  My own key is DSA2, for example.  But I  
think that in the main, the advice of looking towards interoperability  
is a good one, especially if you don't know the capabilities of other  

Reasonable people may certainly disagree with me on this.  There's a  
strong case to be made that by shifting to new implementations  
pressure gets applied to users of outdated implementations to upgrade.

More information about the Gnupg-users mailing list