un-trusting MD5 in gpg

[Werner Koch]

On Tue,  5 May 2009 20:50, dkg at fifthhorseman.net said:

>  --trust-digest-algo name
>  --no-trust-digest-algo name
>       Trust (or not) signatures made over a digest algorithm of *name*.
>       Untrusted digests can still be computed in other contexts, but
>       certifications and data signatures made over untrusted digests
>       will be considered invalid.  By default, all implemented digest
>       algorithms are trusted.

This mixes trust with an algorithm, something we never did.  With the
same reasoning we could say: Don't trust a key with less than 1536 bits.
The point here is that we can't take a decision for the signer - he
might have valid reasons to use certain parameters which reflects the
needs to fulfill a ertain goal.

An option --disable-digest-algo better reflects what you want to do: I
don't want to check signatures made using algorithm MD5.  It is not a
matter of trust but a decision by you and only you.  This is similar to
my procmailrc which sends all mails with HTML in it to the bit bucket:
it is my decisions, that I don't want to see such mails.  It does not
mean that I don't trust the sender; he might have very good reasons to
send HTML mail but for technical reasons I reject them.

We need to see whether we can use this option name without getting into
problems with gpg2.  I don't know right now.  Another name might be
something along the words --ignore-signatures-with.

> And last: is there any reason to add an additional error value to cover
> these semantics (e.g. G10_ERR_INSECURE_DIGEST_ALGO), or is
> G10_ERR_DIGEST_ALGO sufficient?

I can imagin adding a few new error codes; we already have:

43	GPG_ERR_WEAK_KEY		Weak encryption key

and new ones like:

        GPG_ERR_WEAK_DIGEST_ALGO
        GPG_ERR_WEAK_CIPHER_ALGO

may be useful for further processing; not necessary to be dispalyed to a
user but may be displayed as well in cases you describe.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.