
dshaw at jabberwocky
May 7, 2009, 8:12 AM
Re: blacklisting MD5 in gpg [was: Re: un-trusting MD5 in gpg]
On May 7, 2009, at 10:37 AM, Daniel Kahn Gillmor wrote:

> On 05/07/2009 04:57 AM, Werner Koch wrote:
>> On Thu, 7 May 2009 00:04, dshaw [at] jabberwocky said:
>>
>> I would prefer
>>
>> --blacklist-digest-algo NAME_or_NUMBER
>>
>> The reason is that we do not need a specific order as with
>> personal-digest-preferences. It makes implementation (cf. gpgconf)
>> easier and better matches other options related to algorithms.
>
> So if gpg eventually decides to blacklist MD5 by default, and a user
> throws caution to the winds and decides that they simply must rely on
> (or create) signatures over MD5, they'd do:
>
> --no-blacklist-digest-algo MD5
>
> is that right?

Sounds good.

> Should gpg --version somehow indicate algorithms which it knows about
> but which are blacklisted in the current configuration?

That's a good idea. Maybe putting it in brackets or something like "[MD5]" to indicate that it exists, but isn't being used.

David

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel