Robert J. Hansen rjh at
Wed Mar 18 01:34:42 CET 2015

> Some of the defaults you propose are already there.

Yes.  My list was comprehensive ("what the new set should be"), not
differential ("what needs changing").  :)

> So, AES256 is already the default symmetric cipher (CAST5 and IDEA
> are not even in the list and must both be explicitly requested by the
> user), and SHA256 is already the default hash algorithm.

Your key pref isn't what matters: it's your default-cipher-prefs.  :)

CAST5 may not be the default choice anymore, but it can still be
selected (I believe) if the recipient's key prefs list it.  I think this
shouldn't be supported; CAST5 should only be used if (a) it's in the
recipient's key prefs and (b) it's explicitly listed in

> Do you mean signatures in general, or key signatures
> (certifications)?

The former, although I think setting cert-digest-algo SHA256 by default
may be worth discussing.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150317/50f6e0a5/attachment-0001.sig>

More information about the Gnupg-users mailing list