On May 4, 2009, at 1:28 PM, Christoph Anton Mitterer wrote:

> On Mon, 2009-05-04 at 10:40 -0400, David Shaw wrote:
>> We are currently thinking about changing the default
>> primary to a 2048-bit RSA key.
>
> Nice :-)
>
>> We are not proposing changing our default
>> signing hash, which will remain SHA-1.
>
> Uhm... why not?
Concerns about compatibility, mainly. There is a much larger installed base of clients that understand SHA-1 than that understand (say) SHA-256. SHA-256 has only been understood in a non-development version of GPG since 2004. If I recall properly, PGP added it more or less around the same time. That's not that long ago, and I frequently see people asking for support for some version of GPG or PGP that predates SHA-256.

Mind you, we're not stopping people from choosing to use SHA-256 or whatever they like, and with an RSA key, they are of course free to choose anything. SHA-1 is just a default. One way to look at the RSA change, in fact, is to enable users to make their own hash choice, which they didn't really have with the previous default of a 1024-bit DSA key (so locked at 160 bits).

None of this means that we wouldn't change the default signing hash at some point later. It's just not something we're currently planning on for today.
David
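A gpg.conf fragment, added here as an illustration and not part of the thread, showing how a user with an RSA key overrides the SHA-1 signing default David describes. It uses the standard GnuPG options `personal-digest-preferences`, `cert-digest-algo` and `default-preference-list`; the particular ordering of algorithms is a constructed choice.

```conf
# ~/.gnupg/gpg.conf (added example, not from the thread)

# Hashes this client prefers for data signatures (--sign, --clearsign).
# For signed-and-encrypted mail GnuPG picks the first entry that every
# recipient key also lists as acceptable.
personal-digest-preferences SHA256 SHA384 SHA512 SHA224

# Hash used when certifying other people's keys and for self-signatures.
cert-digest-algo SHA256

# Preferences written into newly generated keys, so correspondents that
# honour them choose these algorithms when sending to this key.
default-preference-list SHA256 SHA384 SHA512 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
```

As the message points out, this only helps with an RSA primary: a 1024-bit DSA key still ties signatures to a 160-bit digest, and recipients running a GPG or PGP release that predates SHA-256 support will not be able to verify the result.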