> Some of the defaults you propose are already there. Yes. My list was comprehensive ("what the new set should be"), not differential ("what needs changing"). :)
> So, AES256 is already the default symmetric cipher (CAST5 and IDEA > are not even in the list and must both be explicitly requested by the > user), and SHA256 is already the default hash algorithm. Your key pref isn't what matters: it's your default-cipher-prefs. :) CAST5 may not be the default choice anymore, but it can still be selected (I believe) if the recipient's key prefs list it. I think this shouldn't be supported; CAST5 should only be used if (a) it's in the recipient's key prefs and (b) it's explicitly listed in default-cipher-prefs. > Do you mean signatures in general, or key signatures > (certifications)? The former, although I think setting cert-digest-algo SHA256 by default may be worth discussing.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users