1024 key with large sub key

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Oct 3 00:14:48 CEST 2017


On Mon 2017-10-02 17:38:36 -0400, Robert J. Hansen wrote:
>> But in terms of being willing to make changes to the GnuPG option space
>> that break backward compatibility for some users in order to improve the
>> overall state of GnuPG crypto, removing --enable-large-rsa isn't
>> anywhere *close* to the top of my list.
>
> It's fine if it's not at the top of the list; but is there any
> compelling reason to not put it on the list?

sure, it's a simple recompile away (or installation of old versions) for
folks who want to enable it during key creation.  why would we encourage
those folks to run unmaintained versions, even if we think that their
long-key-fetishism isn't particularly well-motivated?  keeping the
two-stage thing in place makes it clear that this hard boundary is a
deliberate design decision, and some accommodation has been made, but
that we have explicit defaults for a reason.

Anyway, nothing on any list that actually deliberately "breaks backward
compatibility for some users" is acceptable in GnuPG's current
development model afaict.

if that's not the case, then we should probably start by specifically
making a shared list of breaking changes and trying to prioritize them.

            --dkg


