un-trusting MD5 in gpg

[David Shaw]

On May 6, 2009, at 3:31 PM, Daniel Kahn Gillmor wrote:

> On 05/06/2009 03:19 PM, Daniel Kahn Gillmor wrote:
>> What about --weak-digest and --weak-cipher?  We also need to think  
>> about
>> how to adjust the default list in the other direction, which was  
>> what my
>> original --no-trust-digest and --trust-digest tried to cover (albeit
>> with a poorly-chosen name).  unfortunately --no-weak-digest doesn't  
>> make
>> as much sense.
>
> Hang on, i think i've overthought this.  what about just a simple list
> by analogy with --personal-digest-preferences:
>
> --weak-digest-algos
>   A list of names of digest algorithms considered to be weak enough
>   that signatures over these algorithms should be considered invalid.
>   By default, this list is (empty? MD5?).  Supply an empty string or
>   the word "none" to accept valid signatures over all digests.

I like this basic idea (though don't like the name "weak" for reasons  
I mentioned earlier).  The analogy to personal-digest-preferences is a  
good one: this is the personal-digest-anti-preferences.  Instead of  
the algorithms the user likes and wants to use when possible, these  
are the algorithms the user dislikes and won't accept.

> Any thoughts?  Another approach would be to assume that the complement
> of the digests listed in --personal-digest-preferences is actually  
> this
> set.  This reduces the gpg's already-hairy configuration space, but it
> also modifies the semantics of --personal-digest-preferences in ways
> that might cause problems on existing installations.

We can't really do that because the meaning of personal-xxx-prefs is  
"I like these best", not "I will only accept these".  People tend to  
do stuff like "personal-digest-prefs sha256" to favor sha-256, which  
would immediately lock out every other hash.

David