Do you have any idea why we are still using GPG with RSA cryptography when elliptic curve cryptography (ECC) has been available since 2015-ish?*

I get we probably were very afraid of compatibility with old systems and may have issues, but I'm pretty sure we are mostly OK.


@esparta The answer is corporate folk who have built large environments only upgrade when their vendors stop supporting an older design... or when their marketing team gets the ear of the CEO and complains about poor website analytics.

@greypilgrim is it?
gnupg is usually used by individuals to encrypt and sign communications, not as many enterprise or corporation use it as a norm. I mean, is way different than what sshd using RSA for authentication which is highly used by corps.
Besides big orgs like debian I'm not aware of places where is broadly used.


@esparta Ah. I guess I was not speaking to the context of gnupg.

Sign in to participate in the conversation

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.