laying groundwork for an eventual migration away from SHA1 with gpg

Daniel Kahn Gillmor dkg at
Wed May 6 07:38:53 CEST 2009

Hi gpg folks--

In the interest of building a web of trust that is not reliant on SHA-1
sometime in the future, i've posted some initial suggestions in the form
of a HOWTO for debian users and developers to my blog:

The goal of the piece is to outline a few practical steps that
relatively skilled users can take to lay the groundwork for an
environment in which we can effectively deprecate SHA1 in the future
without cutting everyone off from each other.

I've tried to clarify the potential gravity of the situation without
sensationalizing it, and i've tried to provide concrete, non-disruptive
things for reasonable people to do in the present that will prepare for
a smoother transition in the future.  The blog post should be aggregated
on by now, so i'm hoping DDs (who tend to be
well-connected in the WoT) will read it.

I welcome any feedback, comments, and corrections.

Thanks for all your work on this stuff,

