blacklisting MD5 in gpg [was: Re: un-trusting MD5 in gpg]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu May 7 16:37:47 CEST 2009
On 05/07/2009 04:57 AM, Werner Koch wrote:
> On Thu, 7 May 2009 00:04, dshaw at jabberwocky.com said:
>
> I would prefer
>
> --blacklist-digest-algo NAME_or_NUMBER
>
> The reason is that we do not need a specific order as with
> personal-digest-preferences. It makes implementation (cf. gpgconf)
> easier and better matches other options related to algorithms.
So if gpg eventually decides to blacklist MD5 by default, and a user
throws caution to the winds and decides that they simply must rely on
(or create) signatures over MD5, they'd do:
--no-blacklist-digest-algo MD5
is that right?
Should gpg --version somehow indicate algorithms which it knows about
but which are blacklisted in the current configuration?
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090507/4be99682/attachment.pgp>
More information about the Gnupg-devel
mailing list