--blacklist-digest-algo plans [was: Re: un-trusting MD5 in gpg]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu May 7 18:11:10 CEST 2009
On 05/07/2009 11:34 AM, David Shaw wrote:
> So, thus far, the plan sounds like:
> --blacklist-digest-algo (name or number)
> --no-blacklist-digest-algo (name or number)
> Repeating the blacklist-digest-algo option can be done to add more than
> one algorithm to the blacklist. no-blacklist-digest-algo can be used to
> remove something from the list. Whoever gets in last (add to the list
> or remove from the list) wins.
> A blacklisted digest will cause signature verification to fail with an
> appropriate error message along the lines of "digest algorithm is
> blacklisted" (internally, GPG_ERR_BLACKLISTED_DIGEST or the like).
> A key certification created with a blacklisted digest will not be part
> of the web of trust.
> A blacklisted digest will also not be usable when creating a
> signature/certification, with the same sort of error returned.
> This does not affect the use of the digest in things like --print-md.
> gpg --version will flag blacklisted algorithms by putting them in
This is a good summary, and sounds like a very useful feature proposal.
While we're defining this, do we want to also define
--blacklist-cipher-algo ? Semantically, i imagine that adding a cipher
to the blacklist would result in the following:
* nothing would ever be encrypted over the blacklisted cipher
* when decrypting data encrypted by a blacklisted cipher, gpg would
emit a warning.
If blacklist-cipher-algo is at all controversial, i'm fine with tabling
the discussion on it. I don't want it to divert attention from the
blacklist-digest-algo proposal, which seems a higher priority to me.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 890 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-devel