kernel.org status: establishing a PGP web of trust

Robert J. Hansen rjh at sixdemonbag.org
Sat Oct 1 22:46:55 CEST 2011


On 10/1/2011 9:01 AM, Aaron Toponce wrote:
> https://secure.wikimedia.org/wikipedia/en/wiki/Digital_Signature_Algorithm#Sensitivity

This is an argument against having a *bad* DSA implementation, in the
exact same way you shouldn't use a bad RSA implementation, either.  RSA
has just as many warnings -- take a look at how many times PKCS has been
updated to reflect new understandings of RSA's risks.

> Having a sufficient amount of paranoia, would keep you from using DSA, I
> would think.

That's the same level of paranoia that led to Kurt Goedel starving to
death because he was afraid of how everyone around him was trying to
poison him.  I don't think we should recommend that level of paranoia.

More information about the Gnupg-users mailing list