blacklisting MD5 in gpg [was: Re: un-trusting MD5 in gpg]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu May 7 16:37:47 CEST 2009


On 05/07/2009 04:57 AM, Werner Koch wrote:
> On Thu,  7 May 2009 00:04, dshaw at jabberwocky.com said:
>
> I would prefer
> 
>   --blacklist-digest-algo NAME_or_NUMBER
> 
> The reason is that we do not need a specific order as with
> personal-digest-preferences.  It makes implementation (cf. gpgconf)
> easier and better matches other options related to algorithms.

So if gpg eventually decides to blacklist MD5 by default, and a user
throws caution to the winds and decides that they simply must rely on
(or create) signatures over MD5, they'd do:

 --no-blacklist-digest-algo MD5

is that right?

Should gpg --version somehow indicate algorithms which it knows about
but which are blacklisted in the current configuration?

	--dkg
