> I agree that defaulting to brainpool-512 right now would be a
> mistake.
>
> Defaulting to RSA 3072 seems reasonable to me, though.

I think it's best to minimize the number of times we change the defaults. If we change them too often it causes users to wonder if there's some weakness in OpenPGP -- after all, why else would we need to constantly play catch-up? (Note that I don't agree with this; I just understand it.) So if we're looking at a situation where we think that within the next five years we'll want to make ECC the default, I think it would be best to get that option out in front of users now. Default to RSA-3072, sure, but let's get users accustomed to seeing ECC as an option so that when we migrate fully to ECC-by-default nobody gets surprised. I freely admit this is a human-factors argument and not a technical argument, though. :)
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users