un-trusting MD5 in gpg

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon May 4 16:17:22 CEST 2009

I'll give David's patch a try shortly, just to see how much of my
OpenPGP-related workflow breaks.  I'll report back here with anything
interesting that i find.

Wouldn't it make more sense to return G10ERR_DIGEST_ALGO instead of
G10ERR_BAD_SIGN, though?  libgpg-error suggests that it means "Invalid
Digest Algorithm".  Any reason i shouldn't do that instead?

On 05/04/2009 04:09 AM, Werner Koch wrote:
> What can be done is to print a warning (already on our task list) and to
> implement an option to ignore signatures done with digest algorithm foo
> (similar to --disable-cipher-also)

Yes, something like --disable-digest-algo is the direction i think gpg
should be heading.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090504/34ff214e/attachment.pgp>

More information about the Gnupg-devel mailing list