Robert J. Hansen rjh at
Tue Mar 17 23:37:40 CET 2015

> I agree that defaulting to brainpool-512 right now would be a
> mistake.
> Defaulting to RSA 3072 seems reasonable to me, though.

I think it's best to minimize the number of times we change the
defaults.  If we change them too often it causes users to wonder if
there's some weakness in OpenPGP -- after all, why else would we need to
constantly play catch-up?  (Note that I don't agree with this; I just
understand it.)

So if we're looking at a situation where we think that within the next
five years we'll want to make ECC the default, I think it would be best
to get that option out in front of users now.  Default to RSA-3072,
sure, but let's get users accustomed to seeing ECC as an option so that
when we migrate fully to ECC-by-default nobody gets surprised.

I freely admit this is a human-factors argument and not a technical
argument, though.  :)
