> by this argument, you should have pushed for RSA 3072 during the > last defaults change, since it would have lasted longer than 2048 ;)
You're absolutely right, I should have. :) I took my eye off the ball and didn't notice we were changing defaults, otherwise I would've argued then for RSA-3072. > At any rate, changes are afoot, and i don't think we should be afraid > to update the defaults if we think a new set is reasonable. Point, point. The ECC ecosystem isn't mature enough to encourage users to migrate to it. Okay, so drop the ECC recommendations from my suggestions. RSA-3072/SHA-256 + one of the modern 128-bit block ciphers, plus strong recommendations against CAST5, IDEA, or using 64-bit block ciphers to do bulk encryption. So far that all seems pretty uncontroversial. :)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users