un-trusting MD5 in gpg
David Shaw
dshaw at jabberwocky.com
Wed May 6 22:23:19 CEST 2009
On May 6, 2009, at 4:04 PM, Daniel Kahn Gillmor wrote:
> On 05/06/2009 03:42 PM, David Shaw wrote:
>> I like this basic idea (though don't like the name "weak" for
>> reasons I
>> mentioned earlier). The analogy to personal-digest-preferences is a
>> good one: this is the personal-digest-anti-preferences. Instead of
>> the
>> algorithms the user likes and wants to use when possible, these are
>> the
>> algorithms the user dislikes and won't accept.
>
> --unacceptable-digest-algos maybe? Your point about "weak" is a good
> one, i think. i was unaware that WEAK_KEY had a specific technical
> meaning.
Maybe we should name it personal-digest-something. It makes it clear
that these are personal settings, pertain to digests, and that this is
sort of a parallel function to personal-digest-preferences. What are
the antonyms of preferences? personal-digest-dislikes? personal-
digest-rejections? personal-digest-disable?
> Having the two
> options allows for some weird (and unnecessary) configurations, like:
>
> --unacceptable-digest-algos MD5 --personal-digest-preferences MD5
>
> wherein you would only make signatures that you would never believe
> were
> valid. The answer of course, is Don't Do This, but it's unfortunate
> to
> give the user that much rope.
Hashes are a bit easier, but you can imagine some real problems with a
list of unacceptable ciphers. Let's say that we had a user who set
"personal-cipher-donotaccept 3des". What could this user do when
encrypting to a bunch of recipients whose ciphers do not intersect on
anything other than 3des? I guess the best thing to do would be to
simply error out.
David
More information about the Gnupg-devel
mailing list