force-v4-certs and digest-algo

[Robert J. Hansen]

> SHA1 was created by the US government. I feel that the US government does not
> have its citizens best interest at heart in the realm of cryptography, and

SHA-1 isn't used for message security; it's used for message
authentication.  The NSA's mandate includes keeping US Gov't traffic
secure, and as such, deliberately creating a faulty hash
algorithm--especially one that's heavily used throughout the USG--would
be counter to the NSA's mandate.

Then there's also the intense peer review, and the fact that it's SHA-1,
not SHA-0... SHA-0 had a nasty, but very subtle, bug.  Who found the
bug, publicized it, and issued a fix?  The NSA.

While I agree there's a lot of room for skepticism on the NSA's motives,
it appears to me that throwing out SHA-1 is tossing the baby out with
the bathwater.  Still--if it floats your boat, use RIPEMD160.

> independently outside of the US. Anyway, whatever my reason, shouldn't it
> be my choice?

Not necessarily.  The axiom which guides GnuPG is "be liberal in what
you accept, but conservative in what you generate".  If I recall,
RIPEMD-160 is a SHOULD, not a MUST.  It would be entirely consistent and
RFC-conformant for GnuPG to accept RIPEMD-160 in traffic, but to only
use SHA-1 for output.

I'm not suggesting we do that, by the by.  I'm just pointing out that
"shouldn't it be my choice?" isn't always something you answer with a
"yes".  There's a time and a place for strict enforcement of policy.