Can you clarify when data compression is used?

David Shaw dshaw at jabberwocky.com
Tue Feb 5 17:17:38 CET 2008


On Mon, Feb 04, 2008 at 11:12:02PM -0600, Robert J. Hansen wrote:

> I suspect--although I do not know--that a similar motivation drove
> GnuPG's decision to leave DSA-1024 as the standard.

That's basically the reason.  While GPG fully supports DSA2 signatures
today, there is a large installed base that cannot handle them.
Because of this, we decided to fully accept DSA2 keys and signatures
from elsewhere, but won't generate a new DSA2 key unless the user opts
in with --enable-dsa2.

> Now that RFC4880 has come out, supplanting RFC2440, I imagine the way is
> clear to make all new keys DSA-2048 or DSA-3072.  After all, now it's
> part of the standard.

The way is clear, and we'll get there eventually, but the installed
base is still pretty old.  Using --rfc4880 or --openpgp does enable
DSA2, but the default is still off.

David


