Bikeshedding while the world burns

[jman]

"Robert J. Hansen via Gnupg-users" <gnupg-users at gnupg.org> writes:

> Seriously. Most users don't need 30-year security, they need 10-year
> security at the outside, for secrets that are relatively low value
> (under $1 million). RSA-1024 still looks solid for that time
> window. It might be possible to break an RSA-1024 key today, but not
> for a million dollars.

I think that's only part of the story. Would it be accurate to say that many users need, let's say, 
5-year security and need it *yesterday*?

> I would very much like GnuPG to decide either to:
>
> 	(a) implement RFC9580 in GnuPG, even if it's not enabled
> 	    by default
> 	(b) make a clean break from RFC9580 and go on to solve a
> 	    similar-but-different set of problems a similar-but-
> 	    different way
>
> I don't care which is done but I really think we need to do one or the
> other.

Ok, so this is executive summary.

Sorry if my comment is off-topic, I don't know if it relevant to discussing a protocol, but I get 
the feeling that for the users I mention above, GnuPG is just not a choice because it is stuck into 
this "email confidentiality" scenario which has become much less relevant.

I would also would love GnuPG to get up-to-speed with a number of modern threat scenarios and use 
cases that currently are solved (good or bad I can't say) by Signal or Threema or 
<preferred-smartphone-chat-app>.

I don't know if GnuPG is, by design, a tool oriented to other use cases.

Regards,