On Mon 2017-10-02 15:04:07 -0400, Robert J. Hansen wrote: > Anyone want to point out what I'm missing? I don't want to sound as if > my mind is made up, but right now it truly seems to me the > --enable-large-rsa option is a misfeature.
I agree that there's no good reason to enable it by default.
But in terms of being willing to make changes to the GnuPG option space
that break backward compatibility for some users in order to improve the
overall state of GnuPG crypto, removing --enable-large-rsa isn't
anywhere *close* to the top of my list.
Note that --enable-large-rsa still only allows creation 8Kibit RSA keys,
not 10Kibit or 16Kibit keys like those reported in the original bugs, so
it doesn't actually cater to the hard-core "keylength-fetishist" crowd.
--dkg
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
