1.3.6 cert signatures
atom at suspicious.org
Sun Jul 25 08:24:41 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 25 Jul 2004, David Shaw wrote:
> Incidentally, don't assume that because SHA-256 is larger than SHA-1
> that it is stronger. Remember the lesson of SHA-0.
very true. i have to admit that i was ASSuming that the difference in
strength between SHA-1 and SHA-256 is straightforward... but history may
> Programs do not become obsolete overnight. PGP 2.x is generally
> considered obsolete, but that took *years* (and some people seem to
> have missed the memo). GnuPG doesn't even support generating SHA-256
> signatures yet. You are using a development build (or hacking 1.2.x)
> to do it, so it's rather premature to claim that the actual released
> version of GnuPG is now obsolete...
i don't want to imply that the release branch is obsolete, or even lacking
anything for 99.99% of users... i'm well aware that i'm pushing things to
i can't remember the last time i saw a 1.2.2 version header. (are GnuPG
users just more likely than PGP users to upgrade regularly?) i'm
generating the SHA-256 certs with 1.3.x, and 1.2.4 seems to handle them
fine. i have both versions installed on my desktop, and did enough testing
between them that i'm happy with it.
> Not today. Not tomorrow. Next year? I don't know. I have not
> rigorously tested interoperability with SHA-256 certification
> signatures. I have seen some anecdotal evidence, but nothing more.
> It may just not work without harming much else, or it may fail in some
> large and messy manner under certain conditions. Not enough data yet.
i guess i'll be the guinea pig ;)
> To a certain extent, I guess I have cast my vote on the issue since
> GnuPG 1.2.x cannot generate SHA-256 certification signatures and GnuPG
> 1.3.x can.
> Even when 1.3.x becomes GnuPG 1.4, though, the default will remain
> SHA-1. People will need to explicitly set the digest to SHA-256 if
> they want to.
as long as most people are using DSA primary keys, most people will never
generate a cert signature with anything but SHA-1.
while we're kind of on the topic, i noticed these things when signing keys
1) if i do explicitly set it to generate a cert with SHA-256, and i'm
signing something with a DSA key, gpg will consider it a hard error and
exit. would it make more sense to just issue a warning in that case? i'm
not going to ask for a "cert-digest-preferences" option.
2) according to the 1.3.6 man page, "--ask-cert-level" should be on by
default. that seems to be incorrect.
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
"Under this law (Controlled Substances Act) a bureaucrat -
usually not elected - decides whether or not a substance
is dangerous and how dangerous that substance is. There's
no more messing around with legislatures, presidents, or
other bothersome formalities. When MDMA (ecstasy) was made
illegal in 1986, no elected official voted on that. It was
done "in house." People are now in jail because they did
something that an administrator declared was wrong."
-- Peter McWilliams,
"A Closer Look at the Consensual Crimes"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
-----END PGP SIGNATURE-----
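
Added example, not part of the original message and not GnuPG code: a small auditor that walks a binary (de-armored) OpenPGP packet stream and reports which digest each certification signature uses, the property this thread is about. The packet layout and algorithm IDs are taken from RFC 4880; the function names and the sample bytes are constructed for illustration.

```python
# Added example: list the digest algorithm of each OpenPGP certification signature.
# Header and field layout per RFC 4880; SAMPLE is constructed, not a real key.
HASH = {1: "MD5", 2: "SHA-1", 3: "RIPEMD-160", 8: "SHA-256", 9: "SHA-384", 10: "SHA-512"}
PUBKEY = {1: "RSA", 16: "Elgamal", 17: "DSA"}
CERT_TYPES = range(0x10, 0x14)  # generic, persona, casual, positive certification

def packets(data):
    """Yield (tag, body) for every packet in a binary OpenPGP stream."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not a packet header at offset %d" % i)
        if hdr & 0x40:  # new-format header: length is 1, 2 or 5 octets
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths are not handled")
        else:  # old-format header: low two bits select the length size
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate lengths are not handled")
            n = 1 << ltype
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def cert_digests(data):
    """Return (sig_type, pubkey_algo, digest) for each certification signature."""
    out = []
    for tag, body in packets(data):
        if tag != 2:  # tag 2 = signature packet
            continue
        if len(body) >= 4 and body[0] == 4:      # v4: type, pubkey algo, hash algo
            stype, pk, h = body[1], body[2], body[3]
        elif len(body) >= 17 and body[0] == 3:   # v3: algos follow time and key ID
            stype, pk, h = body[2], body[15], body[16]
        else:
            continue
        if stype in CERT_TYPES:
            out.append((stype, PUBKEY.get(pk, str(pk)), HASH.get(h, str(h))))
    return out

# Constructed stream: user ID, RSA/SHA-256 cert, DSA/SHA-1 cert, a non-cert signature.
SAMPLE = bytes.fromhex("b40474657374" "880d0410010800000000abcd000101"
    "c2100413110200000000abcd000101000101" "880d0400010200000000abcd000101")
```

Feed it the output of `gpg --export` for a key to see which certifications on that key were made with something other than SHA-1.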