> I never attributed RSA-1024 to you: i'm merely pointing out that good
> enough for "virtually all users" and "virtually all purposes" is the
> wrong way to select choices that we want to cover the most vulnerable
> targets.

Sorry for the double response -- I thought I'd included this in my
previous mail, but I didn't.

I am not in favor of covering more than 'virtually all users' and
'virtually all purposes.'  The difference between 99% of GnuPG's users
and 100% of GnuPG's users is, first of all, impossible to close, and
second of all, requires ever-increasing expense just to approximate it.

Phil Z. designed PGP to be Pretty Good Privacy.  Not perfect... just
pretty good.  GnuPG is quite clearly built in the same vein.

"Virtually all" is the right way to select defaults.  The next step
beyond "virtually all" is "all."  We can't achieve that and it's foolish
to try.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to