1.3.6 cert signatures

Atom 'Smasher' atom at suspicious.org
Sun Jul 25 23:30:01 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Sun, 25 Jul 2004, David Shaw wrote:
> On Sun, Jul 25, 2004 at 02:24:41AM -0400, Atom 'Smasher' wrote:

> I've noticed in the PGP world, the users who don't upgrade do tend to
> upgrade within a particular series of PGP.  So PGP 6 people will use
> the latest PGP 6, but not upgrade to PGP 7 or 8, etc.  This sort of
> makes sense since each major release of PGP has had fairly different
> characteristics (command line available or not, source code release or
> not, and so on).
================

sounds to me like more good reasons to be using GnuPG ;)


> Did you try the SHA-256 cert signatures with PGP 8?
=================

no, but i think it claims to support SHA-256. if anyone has a copy (of 
PGP-8) installed, feel free to test my key on it... i recently added two 
RSA subkeys with SHA-256 certs.


> No.  This is a hard error, since you asked GnuPG to do something that
> is not possible (use a >160-bit hash with DSA).  A warning (and
> presumably using SHA-1 as the hash) risks doing something the user did
> not desire to happen.
==================

that makes sense... the only time it's a problem is either if it's in the 
config file, or if i run something like:
 	gpg -u dsa-user -u rsa-user --cert-digest-algo sha256 --sign-key xyz

where one signing key is DSA and one isn't.


>> 2) according to the 1.3.6 man page, "--ask-cert-level" should be on by
>> default. that seems to be incorrect.
>
> Yes.  That's a documentation error.  --ask-cert-level is off by
> default.
===================

i would think the default should be to ask... new users won't know to set 
an option, and experienced users can turn it off if they want.


         ...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"HEY! HO! LET'S GO!"
 		-- The Ramones
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

-----END PGP SIGNATURE-----
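
An added example, not part of the original message: a pre-flight check for the mixed-key case above. It reads a `gpg --with-colons` key listing and marks which signing keys conflict with a chosen `--cert-digest-algo` under the 160-bit DSA limit described in the thread. The function names and the sample listing (with made-up key IDs) are assumptions.

```shell
#!/bin/sh
# Added example: flag signing keys that cannot be used with a given
# --cert-digest-algo under the rule quoted in the thread
# (DSA keys cannot take a hash longer than 160 bits).

# Output size in bits for the digest names handled here.
digest_bits() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        sha1|ripemd160) echo 160 ;;
        sha256)         echo 256 ;;
        sha384)         echo 384 ;;
        sha512)         echo 512 ;;
        *)              return 1 ;;
    esac
}

# Reads `gpg --with-colons --list-keys` output on stdin.
# Field 4 of a pub/sec record is the public-key algorithm ID
# (1 = RSA, 17 = DSA); field 5 is the key ID.
# Prints one line per primary key: "<keyid> <algo> <ok|conflict>".
check_signers() {
    bits=$(digest_bits "$1") || { echo "unknown digest: $1" >&2; return 2; }
    awk -F: -v bits="$bits" '
        $1 == "pub" || $1 == "sec" {
            if ($4 == 17)     name = "DSA"
            else if ($4 == 1) name = "RSA"
            else              name = "algo" $4
            verdict = "ok"
            if ($4 == 17 && bits > 160) verdict = "conflict"
            print $5, name, verdict
        }'
}

# Constructed sample listing; key IDs and dates are made up.
SAMPLE='pub:u:1024:17:1111111111111111:2004-07-01:::u:::scESC:
uid:u::::2004-07-01::::dsa-user:
pub:u:2048:1:2222222222222222:2004-07-01:::u:::scESC:
uid:u::::2004-07-01::::rsa-user:'

# Demo: with sha256 the DSA key is reported as a conflict.
printf '%s\n' "$SAMPLE" | check_signers sha256
```

Keys marked `conflict` would be certified in a separate `gpg` invocation without the larger digest, instead of sharing one command line with the RSA signer.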


