> see also https://bugs.debian.org/739424 and https://dev.gnupg.org/T1732
>
> here's the commit log:
Thank you for digging this up. I'd like to open a discussion about removing this option.

First, I think it was a misfeature from conception. The justification was, "Some older implementations built and used [large] RSA keys" -- which is absolutely true -- but there was no justification given to allowing RSA keys *generated today* to be of that size. Allowing GnuPG to import keys of that size might be necessary to give users an upgrade path; allowing GnuPG to *generate* keys of that size seems unjustified.

Since we are no longer concerned with "older implementations" (which I'm assuming means "PGP 2.6 and its derivatives"), the original justification is gone. And on the downside, keeping this option in place encourages a kind of cryptofetishism where all that matters is key length.

Anyone want to point out what I'm missing? I don't want to sound as if my mind is made up, but right now it truly seems to me the --enable-large-rsa option is a misfeature.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users