gpgsm 1.9.22 supports no RC2 Algorithm ?
Nicholas Sushkin
nsushkin at sushkins.net
Fri May 4 15:07:20 CEST 2007
On Friday 04 May 2007 04:17, Werner Koch wrote:
> On Thu, 3 May 2007 22:34, nsushkin at sushkins.net said:
> > There has been a bug filed today in Mozilla bugzilla,
> > https://bugzilla.mozilla.org/show_bug.cgi?id=379625. If any of you can
> > vote, track, or help troubleshoot the issue, the affected users
> > (including me) will greatly appreciate.
>
> The issue is simply that Mozilla allows (and even worse, sometimes
> forces) the use of RC2. This should be fixed asap in Mozilla.
>
> I consider any application using RC2 for encryption not only broken but
> playing a false game with its users by telling them: Your mail has been
> encrypted. They are not telling them that it is the "NSA approved" 40
> bit cipher used in the dark ages for US-exportable software.
>
> Go and drop RC2!
Werner,
Did you read the bug report? There may be another problem with the
encryption protocol negotiation between gpgsm and Thunderbird.
Dropping RC2 has also been requested via a different Thunderbird bug,
https://bugzilla.mozilla.org/show_bug.cgi?id=84213
The bug status indicates that it has been assigned to a developer on May
1st. I think it's pretty clear to many that the weak algorithm shouldn't be
supported and they are working on it. But I think that Thunderbird
developers may use help of gpgsm developers if you have anything to say
about the protocol negotiation. See Nelson Bolyard's analysis at
https://bugzilla.mozilla.org/show_bug.cgi?id=379625#c2
Thank you.
--
Nick
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1388 bytes
Desc: not available
Url : /pipermail/attachments/20070504/3d0e6014/attachment.bin
More information about the Gnupg-devel
mailing list