In my view, gnupg already offers too much choice. There is no real reason to have so many options. They should have given 2 to chose from - a small and fast and a large and slow (both sort of balanced, too), say
a) DSA-1024 (SHA1) & Elgamal-1024, cipher 3DES - fingerprint SHA1 and b) DSA-3072 (SHA256) & Elgamal-3072, cipher AES-128 - fingerprint SHA256 If one of the ingredients is broken, gnupg has to be redesigned anyways. The idea that we can simply go on in this case and use the fallback functions doesn't seem realistic to me. The easiest case to handle (fallback-wise) would be that AES is broken. But even then there would be a huge chaos and thousands of keys would have to be updated etc (which many users won't do anyways), so that the web of trust will break down then. A complete start will be best even in this case, with new keys. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
