un-trusting MD5 in gpg
David Shaw
dshaw at jabberwocky.com
Wed May 6 21:31:25 CEST 2009
On May 6, 2009, at 9:38 AM, Werner Koch wrote:
>> And last: is there any reason to add an additional error value to
>> cover
>> these semantics (e.g. G10_ERR_INSECURE_DIGEST_ALGO), or is
>> G10_ERR_DIGEST_ALGO sufficient?
>
> I can imagin adding a few new error codes; we already have:
>
> 43 GPG_ERR_WEAK_KEY Weak encryption key
>
> and new ones like:
>
> GPG_ERR_WEAK_DIGEST_ALGO
> GPG_ERR_WEAK_CIPHER_ALGO
>
> may be useful for further processing; not necessary to be dispalyed
> to a
> user but may be displayed as well in cases you describe.
I think if we're going to add new error codes for this, I'd rather
just say something like GPG_ERR_DISABLED_DIGEST_ALGO and
GPG_ERR_DISABLED_CIPHER_ALGO. Calling it "weak" is a value judgement
(i.e. weaker than what? too weak for what?) The WEAK_KEY message is
a different sort of thing here as "weak key" is a defined term for
those ciphers that have weak keys.
Simply calling it "disabled" means exactly what it says: the user
disabled it. We shouldn't really care why. Also, when the user sees
the string that goes along with that error message, that indicates
there is a way to disable and enable digest algorithms, so they can
understand what happened.
David
More information about the Gnupg-devel
mailing list