force-v4-certs and digest-algo
David Shaw
dshaw@jabberwocky.com
Fri May 10 21:19:01 2002
On Fri, May 10, 2002 at 01:52:32PM -0500, Robert J. Hansen wrote:
> > The entire point of the IETF, and of the RFC system, is to eliminate the
> > "de facto standards" mess, and give us actual standards.
>
> ... and to further elaborate my point (which follows from that): a
> standard quickly devolves to near-uselessness if people start extending it
> willy-nilly. Look at the UNIX Wars, or "This Site Best Viewed In". A
> standard ought be adhered to unless there are clear and compelling reasons
> not to do so. I don't see any clear and compelling reason to use
> RIPEMD-160, and so I don't. (Let me say, though, that it's not my
> intention to speak for anyone but me.)
Just to be clear here, using RIPEMD-160 is completely and totally
adhering to the OpenPGP standard in every possible way. There are
certainly minor compatibility reasons not to use it, but it is
definitely part of the standard. To put this in context, other
completely optional parts of the standard are Blowfish, Twofish, and
every AES above 128 bits.
Using "Joe's Random Hash Algorithm 128" would be willy-nilly. ;)
Werner and I discussed it, and I've added the ability to pick the hash
when making a key signature (--cert-digest-algo) to 1.0.8. I do hope
people will not use this feature (and the manual explains why it isn't
a good idea), but in the end, it is up to them what hash they use.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson