list of OpenPGP implementations [was: Re: Changing GPG's default key type?]
Robert J. Hansen
rjh at sixdemonbag.org
Fri Jul 31 06:35:37 CEST 2009
> RSA was not added in RFC-4880. It dates back to PGP 5 (1997-ish),
> and was first formalized (in the RFC sense) in RFC-2440 in 1998.
> It's been in a RFC for 10+ years now. Of course, it's been optional
> for all that time as well.
Yes; it was more a general statement about why when talking about
general interoperability with unknown clients I avoid optional bits or
bits newly-added to the standard, rather than a statement about RSA's
support in PGP.
> Personally, I weigh the ability to use a larger key with a larger
> hash more than I do the knowledge that I might find some
> implementation that doesn't like my key someday (I haven't actually
> found such an implementation yet, but such an implementation could
> be written and be perfectly OpenPGP compliant).
Generally, I agree with you. My own key is DSA2, for example. But I
think that in the main, the advice of looking towards interoperability
is a good one, especially if you don't know the capabilities of other
Reasonable people may certainly disagree with me on this. There's a
strong case to be made that by shifting to new implementations
pressure gets applied to users of outdated implementations to upgrade.
More information about the Gnupg-users