blacklisting MD5 in gpg [was: Re: un-trusting MD5 in gpg]
David Shaw
dshaw at jabberwocky.com
Thu May 7 17:12:45 CEST 2009
On May 7, 2009, at 10:37 AM, Daniel Kahn Gillmor wrote:
> On 05/07/2009 04:57 AM, Werner Koch wrote:
>> On Thu, 7 May 2009 00:04, dshaw at jabberwocky.com said:
>>
>> I would prefer
>>
>> --blacklist-digest-algo NAME_or_NUMBER
>>
>> The reason is that we do not need a specific order as with
>> personal-digest-preferences. It makes implementation (cf. gpgconf)
>> easier and better matches other options related to algorithms.
>
> So if gpg eventually decides to blacklist MD5 by default, and a user
> throws caution to the winds and decides that they simply must rely on
> (or create) signatures over MD5, they'd do:
>
> --no-blacklist-digest-algo MD5
>
> is that right?

Sounds good.

> Should gpg --version somehow indicate algorithms which it knows about
> but which are blacklisted in the current configuration?

That's a good idea. Maybe putting it in brackets or something like
"[MD5]" to indicate that it exists, but isn't being used.

David