1.3.6 cert signatures
atom at suspicious.org
Sun Jul 25 23:30:01 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 25 Jul 2004, David Shaw wrote:
> On Sun, Jul 25, 2004 at 02:24:41AM -0400, Atom 'Smasher' wrote:
> I've noticed in the PGP world, the users who don't upgrade do tend to
> upgrade within a particular series of PGP. So PGP 6 people will use
> the latest PGP 6, but not upgrade to PGP 7 or 8, etc. This sort of
> makes sense since each major release of PGP has had fairly different
> characteristics (command line available or not, source code release or
> not, and so on).
sounds to me like more good reasons to be using GnuPG ;)
> Did you try the SHA-256 cert signatures with PGP 8?
no, but i think it claims to support SHA-256. if anyone has a copy (of
PGP-8) installed, feel free to test my key on it... i recently added two
RSA subkeys with SHA-256 certs.
> No. This is a hard error, since you asked GnuPG to do something that
> is not possible (use a >160-bit hash with DSA). A warning (and
> presumably using SHA-1 as the hash) risks doing something the user did
> not desire to happen.
that makes sense... the only time it's a problem is either if it's in the
config file, or if i run something like:
gpg -u dsa-user -u rsa-user --cert-digest-algo sha256 --sign-key xyz
where one signing key is DSA and one isn't.
>> 2) according to the 1.3.6 man page, "--ask-cert-level" should be on by
>> default. that seems to be incorrect.
> Yes. That's a documentation error. --ask-cert-level is off by
i would think the default should be to ask... new users won't know to set
an option, and experienced users can turn it off if they want.
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
"HEY! HO! LET'S GO!"
-- The Ramones
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
-----END PGP SIGNATURE-----
More information about the Gnupg-devel