On Sun, 25 Jul 2004, David Shaw wrote:
> On Sun, Jul 25, 2004 at 02:24:41AM -0400, Atom 'Smasher' wrote:

> I've noticed in the PGP world, the users who don't upgrade do tend to
> upgrade within a particular series of PGP.  So PGP 6 people will use
> the latest PGP 6, but not upgrade to PGP 7 or 8, etc.  This sort of
> makes sense since each major release of PGP has had fairly different
> characteristics (command line available or not, source code release or
> not, and so on).

sounds to me like more good reasons to be using GnuPG ;)

> Did you try the SHA-256 cert signatures with PGP 8?

no, but i think it claims to support SHA-256. if anyone has a copy (of 
PGP-8) installed, feel free to test my key on it... i recently added two 
RSA subkeys with SHA-256 certs.

> No.  This is a hard error, since you asked GnuPG to do something that
> is not possible (use a >160-bit hash with DSA).  A warning (and
> presumably using SHA-1 as the hash) risks doing something the user did
> not desire to happen.

that makes sense... the only time it's a problem is either if it's in the 
config file, or if i run something like:
 	gpg -u dsa-user -u rsa-user --cert-digest-algo sha256 --sign-key xyz

where one signing key is DSA and one isn't.

>> 2) according to the 1.3.6 man page, "--ask-cert-level" should be on by
>> default. that seems to be incorrect.
> Yes.  That's a documentation error.  --ask-cert-level is off by
> default.

i would think the default should be to ask... new users won't know to set 
an option, and experienced users can turn it off if they want.
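
Added example, not part of the original message: a pre-flight check for the mixed-key command above, reporting which signing keys are DSA and would hit the hard error for a given `--cert-digest-algo`. It models the rule as stated in this thread (no digest wider than 160 bits with DSA); the key listing and key IDs are constructed, and the function names `digest_bits` and `dsa_conflicts` are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --list-keys` output.
# Field 1 is the record type, field 4 the public-key algorithm
# (1 = RSA, 17 = DSA), field 5 the key ID.
SAMPLE_KEYS='pub:u:1024:17:AAAAAAAAAAAAAAA1:2004-01-01:::u:::scESC:
uid:u::::2004-01-01::::dsa-user (constructed):
pub:u:2048:1:BBBBBBBBBBBBBBB2:2004-01-01:::u:::scESC:
uid:u::::2004-01-01::::rsa-user (constructed):'

# digest_bits NAME -> output size in bits of the named digest.
digest_bits() {
    case $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]') in
        sha1|ripemd160) echo 160 ;;
        sha224)         echo 224 ;;
        sha256)         echo 256 ;;
        sha384)         echo 384 ;;
        sha512)         echo 512 ;;
        *)              return 1 ;;
    esac
}

# dsa_conflicts DIGEST < colon-listing
# Prints the key ID of every DSA primary key (the key that issues
# certifications) that cannot be used with DIGEST under the thread's rule.
dsa_conflicts() {
    bits=$(digest_bits "$1") || { echo "unknown digest: $1" >&2; return 2; }
    awk -F: -v bits="$bits" '
        ($1 == "pub" || $1 == "sec") && $4 == 17 && bits > 160 { print $5 }
    '
}

# Demo on the constructed listing: only the DSA key is reported.
printf '%s\n' "$SAMPLE_KEYS" | dsa_conflicts sha256

# Against a real keyring, before running --sign-key with several -u keys:
#   gpg --with-colons --list-keys dsa-user rsa-user | dsa_conflicts sha256
```

Any key ID printed means that signer has to be run separately with a 160-bit digest, rather than sharing one `--cert-digest-algo sha256` invocation with the RSA key.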


