un-trusting MD5 in gpg
dshaw at jabberwocky.com
Wed May 6 21:42:28 CEST 2009
On May 6, 2009, at 3:31 PM, Daniel Kahn Gillmor wrote:
> On 05/06/2009 03:19 PM, Daniel Kahn Gillmor wrote:
>> What about --weak-digest and --weak-cipher? We also need to think
>> how to adjust the default list in the other direction, which was
>> what my
>> original --no-trust-digest and --trust-digest tried to cover (albeit
>> with a poorly-chosen name). unfortunately --no-weak-digest doesn't
>> as much sense.
> Hang on, i think i've overthought this. what about just a simple list
> by analogy with --personal-digest-preferences:
> A list of names of digest algorithms considered to be weak enough
> that signatures over these algorithms should be considered invalid.
> By default, this list is (empty? MD5?). Supply an empty string or
> the word "none" to accept valid signatures over all digests.
I like this basic idea (though don't like the name "weak" for reasons
I mentioned earlier). The analogy to personal-digest-preferences is a
good one: this is the personal-digest-anti-preferences. Instead of
the algorithms the user likes and wants to use when possible, these
are the algorithms the user dislikes and won't accept.
> Any thoughts? Another approach would be to assume that the complement
> of the digests listed in --personal-digest-preferences is actually
> set. This reduces the gpg's already-hairy configuration space, but it
> also modifies the semantics of --personal-digest-preferences in ways
> that might cause problems on existing installations.
We can't really do that because the meaning of personal-xxx-prefs is
"I like these best", not "I will only accept these". People tend to
do stuff like "personal-digest-prefs sha256" to favor sha-256, which
would immediately lock out every other hash.
More information about the Gnupg-devel