Just for the record, I agree that under severe circumstances choosing the new ECC features might do more harm than good. However, given the context that somebody else asked whether it's a good idea to wait for a 2.1.1 release, I'd say no, use 2.1 right away. Interpreting version numbers like that (especially when the crypto routines have their own module anyway) seems overly suspicious and might do more harm than good as well.
Out of curiosity, and I apologize if this is radically off-topic, do you have a list of "usual suspects" for auditing crypto libraries (GPG, OTR, etc.)?
(Or is the answer simply: the modern-crypto list subscribers?)
Thai Duong, Juliano Rizzo, Kenny Patterson's team at Royal Holloway, Daniel Bernstein, Trevor Perrin, Nate Lawson, the Riscure guys, the Cryptography Research team at Rambus.
Are there any well funded national intelligence organizations that does this, and still do public recommendations? In theory the NSA, MI5 etc should be advising their various governments and businesses on how to protect secrets (not just military, but protecting against corporate espionage, protecting journalistic foreign sources (think: Chinese dissidents etc)). Obviously the NSA have some very real trust issues -- but does anyone have an update on whether or not they've actually sacrificed large parts of their mission on the altar of total information awareness? Does Navy Intelligence still provide support for Tor?
---
Apparently libgcrypt hasn't been updated since late August[1]. Also relevant, GnuPGP 2.1 has been in Beta for over 4 years[2].
[1]: http://directory.fsf.org/wiki/Libgcrypt [2]: ftp://ftp.gnupg.org/gcrypt/gnupg/unstable/
---
Just for the record, I agree that under severe circumstances choosing the new ECC features might do more harm than good. However, given the context that somebody else asked whether it's a good idea to wait for a 2.1.1 release, I'd say no, use 2.1 right away. Interpreting version numbers like that (especially when the crypto routines have their own module anyway) seems overly suspicious and might do more harm than good as well.